1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2012 Holger Hans Peter Freyther
11 #include <sys/resource.h>
13 #include "sd-messages.h"
16 #include "all-units.h"
17 #include "alloc-util.h"
18 #include "bpf-firewall.h"
19 #include "bpf-program.h"
20 #include "bpf-restrict-fs.h"
21 #include "bpf-socket-bind.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
26 #include "capability-util.h"
27 #include "cgroup-setup.h"
28 #include "conf-parser.h"
29 #include "core-varlink.h"
30 #include "cpu-set-util.h"
31 #include "creds-util.h"
33 #include "errno-list.h"
35 #include "exec-credential.h"
39 #include "firewall-util.h"
41 #include "fstab-util.h"
42 #include "hexdecoct.h"
43 #include "iovec-util.h"
44 #include "ioprio-util.h"
45 #include "ip-protocol-list.h"
46 #include "journal-file.h"
47 #include "limits-util.h"
48 #include "load-fragment.h"
50 #include "missing_ioprio.h"
51 #include "mountpoint-util.h"
52 #include "nulstr-util.h"
53 #include "open-file.h"
54 #include "parse-helpers.h"
55 #include "parse-util.h"
56 #include "path-util.h"
57 #include "pcre2-util.h"
58 #include "percent-util.h"
59 #include "process-util.h"
60 #include "seccomp-util.h"
61 #include "securebits-util.h"
62 #include "selinux-util.h"
63 #include "signal-util.h"
64 #include "socket-netlink.h"
65 #include "specifier.h"
66 #include "stat-util.h"
67 #include "string-util.h"
69 #include "syslog-util.h"
70 #include "time-util.h"
71 #include "unit-name.h"
72 #include "unit-printf.h"
73 #include "user-util.h"
77 static int parse_socket_protocol(const char *s
) {
80 r
= parse_ip_protocol(s
);
83 if (!IN_SET(r
, IPPROTO_UDPLITE
, IPPROTO_SCTP
))
84 return -EPROTONOSUPPORT
;
89 int parse_crash_chvt(const char *value
, int *data
) {
92 if (safe_atoi(value
, data
) >= 0)
95 b
= parse_boolean(value
);
100 *data
= 0; /* switch to where kmsg goes */
102 *data
= -1; /* turn off switching */
107 int parse_confirm_spawn(const char *value
, char **console
) {
111 r
= value
? parse_boolean(value
) : 1;
115 } else if (r
> 0) /* on with default tty */
116 s
= strdup("/dev/console");
117 else if (is_path(value
)) /* on with fully qualified path */
119 else /* on with only a tty file name, not a fully qualified path */
120 s
= path_join("/dev/", value
);
128 DEFINE_CONFIG_PARSE(config_parse_socket_protocol
, parse_socket_protocol
, "Failed to parse socket protocol");
129 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits
, secure_bits_from_string
, "Failed to parse secure bits");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode
, collect_mode
, CollectMode
, "Failed to parse garbage collection mode");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy
, cgroup_device_policy
, CGroupDevicePolicy
, "Failed to parse device policy");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
, "Failed to parse keyring mode");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc
, protect_proc
, ProtectProc
, "Failed to parse /proc/ protection mode");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset
, proc_subset
, ProcSubset
, "Failed to parse /proc/ subset mode");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
, "Failed to parse utmp mode");
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode
, job_mode
, JobMode
, "Failed to parse job mode");
137 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access
, notify_access
, NotifyAccess
, "Failed to parse notify access specifier");
138 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home
, protect_home
, ProtectHome
, "Failed to parse protect home value");
139 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system
, protect_system
, ProtectSystem
, "Failed to parse protect system value");
140 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
, "Failed to parse resource preserve mode");
141 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type
, service_type
, ServiceType
, "Failed to parse service type");
142 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type
, service_exit_type
, ServiceExitType
, "Failed to parse service exit type");
143 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart
, service_restart
, ServiceRestart
, "Failed to parse service restart specifier");
144 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart_mode
, service_restart_mode
, ServiceRestartMode
, "Failed to parse service restart mode");
145 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode
, service_timeout_failure_mode
, ServiceTimeoutFailureMode
, "Failed to parse timeout failure mode");
146 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind
, socket_address_bind_ipv6_only_or_bool
, SocketAddressBindIPv6Only
, "Failed to parse bind IPv6 only value");
147 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy
, oom_policy
, OOMPolicy
, "Failed to parse OOM policy");
148 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference
, managed_oom_preference
, ManagedOOMPreference
, "Failed to parse ManagedOOMPreference=");
149 DEFINE_CONFIG_PARSE_ENUM(config_parse_memory_pressure_watch
, cgroup_pressure_watch
, CGroupPressureWatch
, "Failed to parse memory pressure watch setting");
150 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos
, ip_tos
, int, -1, "Failed to parse IP TOS value");
151 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight
, cg_blkio_weight_parse
, uint64_t, "Invalid block IO weight");
152 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight
, cg_weight_parse
, uint64_t, "Invalid weight");
153 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight
, cg_cpu_weight_parse
, uint64_t, "Invalid CPU weight");
154 static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal
, cg_cpu_shares_parse
, uint64_t, "Invalid CPU shares");
155 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag
, mount_propagation_flag_from_string
, unsigned long, "Failed to parse mount propagation flag");
156 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy
, mpol
, int, -1, "Invalid NUMA policy type");
157 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format
, status_unit_format
, StatusUnitFormat
, "Failed to parse status unit format");
158 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping
, socket_timestamping_from_string_harder
, SocketTimestamping
, "Failed to parse timestamping precision");
160 int config_parse_cpu_shares(
162 const char *filename
,
165 unsigned section_line
,
177 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
178 "Unit uses %s=; please use CPUWeight= instead. Support for %s= will be removed soon.",
181 return config_parse_cpu_shares_internal(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
184 bool contains_instance_specifier_superset(const char *s
) {
186 bool percent
= false;
200 /* If the string is just the instance specifier, it's not a superset of the instance. */
201 if (memcmp_nn(p
, q
- p
, "%i", strlen("%i")) == 0)
204 /* %i, %n and %N all expand to the instance or a superset of it. */
209 if (IN_SET(*p
, 'n', 'N', 'i'))
217 /* `name` is the rendered version of `format` via `unit_printf` or similar functions. */
218 int unit_is_likely_recursive_template_dependency(Unit
*u
, const char *name
, const char *format
) {
219 const char *fragment_path
;
225 /* If a template unit has a direct dependency on itself that includes the unit instance as part of
226 * the template instance via a unit specifier (%i, %n or %N), this will almost certainly lead to
227 * infinite recursion as systemd will keep instantiating new instances of the template unit.
228 * https://github.com/systemd/systemd/issues/17602 shows a good example of how this can happen in
229 * practice. To guard against this, we check for templates that depend on themselves and have the
230 * instantiated unit instance included as part of the template instance of the dependency via a
233 * For example, if systemd-notify@.service depends on systemd-notify@%n.service, this will result in
234 * infinite recursion.
237 if (!unit_name_is_valid(name
, UNIT_NAME_INSTANCE
))
240 if (!unit_name_prefix_equal(u
->id
, name
))
243 if (u
->type
!= unit_name_to_type(name
))
246 r
= unit_file_find_fragment(u
->manager
->unit_id_map
, u
->manager
->unit_name_map
, name
, &fragment_path
, NULL
);
250 /* Fragment paths should also be equal as a custom fragment for a specific template instance
251 * wouldn't necessarily lead to infinite recursion. */
252 if (!path_equal_ptr(u
->fragment_path
, fragment_path
))
255 if (!contains_instance_specifier_superset(format
))
261 int config_parse_unit_deps(
263 const char *filename
,
266 unsigned section_line
,
273 UnitDependency d
= ltype
;
280 for (const char *p
= rvalue
;;) {
281 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
284 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_RETAIN_ESCAPE
);
290 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
294 r
= unit_name_printf(u
, word
, &k
);
296 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
300 r
= unit_is_likely_recursive_template_dependency(u
, k
, word
);
302 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to determine if '%s' is a recursive dependency, ignoring: %m", k
);
306 log_syntax(unit
, LOG_DEBUG
, filename
, line
, 0,
307 "Dropping dependency %s=%s that likely leads to infinite recursion.",
308 unit_dependency_to_string(d
), word
);
312 r
= unit_add_dependency_by_name(u
, d
, k
, true, UNIT_DEPENDENCY_FILE
);
314 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
318 int config_parse_obsolete_unit_deps(
320 const char *filename
,
323 unsigned section_line
,
330 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
331 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue
, unit_dependency_to_string(ltype
));
333 return config_parse_unit_deps(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
336 int config_parse_unit_string_printf(
338 const char *filename
,
341 unsigned section_line
,
348 _cleanup_free_
char *k
= NULL
;
349 const Unit
*u
= ASSERT_PTR(userdata
);
356 r
= unit_full_printf(u
, rvalue
, &k
);
358 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
362 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
365 int config_parse_unit_strv_printf(
367 const char *filename
,
370 unsigned section_line
,
377 const Unit
*u
= ASSERT_PTR(userdata
);
378 _cleanup_free_
char *k
= NULL
;
385 r
= unit_full_printf(u
, rvalue
, &k
);
387 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
391 return config_parse_strv(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
394 int config_parse_unit_path_printf(
396 const char *filename
,
399 unsigned section_line
,
406 _cleanup_free_
char *k
= NULL
;
407 const Unit
*u
= ASSERT_PTR(userdata
);
415 r
= unit_path_printf(u
, rvalue
, &k
);
417 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, r
,
418 "Failed to resolve unit specifiers in '%s'%s: %m",
419 rvalue
, fatal
? "" : ", ignoring");
420 return fatal
? -ENOEXEC
: 0;
423 return config_parse_path(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
426 int config_parse_colon_separated_paths(
428 const char *filename
,
431 unsigned section_line
,
438 char ***sv
= ASSERT_PTR(data
);
439 const Unit
*u
= ASSERT_PTR(userdata
);
446 if (isempty(rvalue
)) {
447 /* Empty assignment resets the list */
448 *sv
= strv_free(*sv
);
452 for (const char *p
= rvalue
;;) {
453 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
455 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
459 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
465 r
= unit_path_printf(u
, word
, &k
);
467 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
468 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
472 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
476 r
= strv_consume(sv
, TAKE_PTR(k
));
484 int config_parse_unit_path_strv_printf(
486 const char *filename
,
489 unsigned section_line
,
497 const Unit
*u
= ASSERT_PTR(userdata
);
504 if (isempty(rvalue
)) {
509 for (const char *p
= rvalue
;;) {
510 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
512 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
518 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
519 "Invalid syntax, ignoring: %s", rvalue
);
523 r
= unit_path_printf(u
, word
, &k
);
525 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
526 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
530 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
534 r
= strv_consume(x
, TAKE_PTR(k
));
540 static int patch_var_run(
542 const char *filename
,
550 e
= path_startswith(*path
, "/var/run/");
554 z
= path_join("/run/", e
);
558 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
559 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
560 "please update the unit file accordingly.", lvalue
, *path
, z
);
562 free_and_replace(*path
, z
);
567 int config_parse_socket_listen(
569 const char *filename
,
572 unsigned section_line
,
579 Socket
*s
= ASSERT_PTR(SOCKET(data
));
580 _cleanup_free_ SocketPort
*p
= NULL
;
587 if (isempty(rvalue
)) {
588 /* An empty assignment removes all ports */
589 socket_free_ports(s
);
593 p
= new(SocketPort
, 1);
602 if (ltype
!= SOCKET_SOCKET
) {
603 _cleanup_free_
char *k
= NULL
;
605 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
607 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
611 PathSimplifyWarnFlags flags
= PATH_CHECK_ABSOLUTE
;
612 if (ltype
!= SOCKET_SPECIAL
)
613 flags
|= PATH_CHECK_NON_API_VFS
;
615 r
= path_simplify_and_warn(k
, flags
, unit
, filename
, line
, lvalue
);
619 if (ltype
== SOCKET_FIFO
) {
620 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
625 free_and_replace(p
->path
, k
);
628 } else if (streq(lvalue
, "ListenNetlink")) {
629 _cleanup_free_
char *k
= NULL
;
631 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
633 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
637 r
= socket_address_parse_netlink(&p
->address
, k
);
639 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
643 p
->type
= SOCKET_SOCKET
;
646 _cleanup_free_
char *k
= NULL
;
648 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
650 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
654 if (path_is_absolute(k
)) { /* Only for AF_UNIX file system sockets… */
655 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
660 r
= socket_address_parse_and_warn(&p
->address
, k
);
662 if (r
!= -EAFNOSUPPORT
)
663 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
667 if (streq(lvalue
, "ListenStream"))
668 p
->address
.type
= SOCK_STREAM
;
669 else if (streq(lvalue
, "ListenDatagram"))
670 p
->address
.type
= SOCK_DGRAM
;
672 assert(streq(lvalue
, "ListenSequentialPacket"));
673 p
->address
.type
= SOCK_SEQPACKET
;
676 if (socket_address_family(&p
->address
) != AF_UNIX
&& p
->address
.type
== SOCK_SEQPACKET
) {
677 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address family not supported, ignoring: %s", rvalue
);
681 p
->type
= SOCKET_SOCKET
;
684 LIST_APPEND(port
, s
->ports
, TAKE_PTR(p
));
688 int config_parse_exec_nice(
690 const char *filename
,
693 unsigned section_line
,
700 ExecContext
*c
= ASSERT_PTR(data
);
707 if (isempty(rvalue
)) {
712 r
= parse_nice(rvalue
, &priority
);
715 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Nice priority out of range, ignoring: %s", rvalue
);
717 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse nice priority '%s', ignoring: %m", rvalue
);
727 int config_parse_exec_oom_score_adjust(
729 const char *filename
,
732 unsigned section_line
,
739 ExecContext
*c
= ASSERT_PTR(data
);
746 if (isempty(rvalue
)) {
747 c
->oom_score_adjust_set
= false;
751 r
= parse_oom_score_adjust(rvalue
, &oa
);
754 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "OOM score adjust value out of range, ignoring: %s", rvalue
);
756 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue
);
760 c
->oom_score_adjust
= oa
;
761 c
->oom_score_adjust_set
= true;
766 int config_parse_exec_coredump_filter(
768 const char *filename
,
771 unsigned section_line
,
778 ExecContext
*c
= ASSERT_PTR(data
);
785 if (isempty(rvalue
)) {
786 c
->coredump_filter
= 0;
787 c
->coredump_filter_set
= false;
792 r
= coredump_filter_mask_from_string(rvalue
, &f
);
794 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
795 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue
);
799 c
->coredump_filter
|= f
;
800 c
->coredump_filter_set
= true;
804 int config_parse_kill_mode(
806 const char *filename
,
809 unsigned section_line
,
816 KillMode
*k
= data
, m
;
823 if (isempty(rvalue
)) {
824 *k
= KILL_CONTROL_GROUP
;
828 m
= kill_mode_from_string(rvalue
);
830 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
,
831 "Failed to parse kill mode specification, ignoring: %s", rvalue
);
836 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
837 "Unit uses KillMode=none. "
838 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
839 "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
840 "Support for KillMode=none is deprecated and will eventually be removed.");
846 int config_parse_exec(
848 const char *filename
,
851 unsigned section_line
,
858 ExecCommand
**e
= ASSERT_PTR(data
);
859 const Unit
*u
= userdata
;
870 if (isempty(rvalue
)) {
871 /* An empty assignment resets the list */
872 *e
= exec_command_free_list(*e
);
878 _cleanup_free_
char *path
= NULL
, *firstword
= NULL
;
879 ExecCommandFlags flags
= 0;
880 bool ignore
= false, separate_argv0
= false;
881 _cleanup_free_ ExecCommand
*nce
= NULL
;
882 _cleanup_strv_free_
char **n
= NULL
;
888 r
= extract_first_word_and_warn(&p
, &firstword
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
892 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
893 if (streq(firstword
, ";")) {
900 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
901 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
902 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
903 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
904 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
905 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
906 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
907 * other sandboxing, with some special exceptions for changing UID.
909 * The idea is that '!!' may be used to write services that can take benefit of systemd's
910 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
911 * privilege dropping within the daemon if the kernel does not offer that. */
913 if (*f
== '-' && !(flags
& EXEC_COMMAND_IGNORE_FAILURE
)) {
914 flags
|= EXEC_COMMAND_IGNORE_FAILURE
;
916 } else if (*f
== '@' && !separate_argv0
)
917 separate_argv0
= true;
918 else if (*f
== ':' && !(flags
& EXEC_COMMAND_NO_ENV_EXPAND
))
919 flags
|= EXEC_COMMAND_NO_ENV_EXPAND
;
920 else if (*f
== '+' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
921 flags
|= EXEC_COMMAND_FULLY_PRIVILEGED
;
922 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
923 flags
|= EXEC_COMMAND_NO_SETUID
;
924 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_AMBIENT_MAGIC
))) {
925 flags
&= ~EXEC_COMMAND_NO_SETUID
;
926 flags
|= EXEC_COMMAND_AMBIENT_MAGIC
;
932 r
= unit_path_printf(u
, f
, &path
);
934 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
935 "Failed to resolve unit specifiers in '%s'%s: %m",
936 f
, ignore
? ", ignoring" : "");
937 return ignore
? 0 : -ENOEXEC
;
941 /* First word is either "-" or "@" with no command. */
942 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
943 "Empty path in command line%s: '%s'",
944 ignore
? ", ignoring" : "", rvalue
);
945 return ignore
? 0 : -ENOEXEC
;
947 if (!string_is_safe(path
)) {
948 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
949 "Executable name contains special characters%s: %s",
950 ignore
? ", ignoring" : "", path
);
951 return ignore
? 0 : -ENOEXEC
;
953 if (endswith(path
, "/")) {
954 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
955 "Executable path specifies a directory%s: %s",
956 ignore
? ", ignoring" : "", path
);
957 return ignore
? 0 : -ENOEXEC
;
960 if (!(path_is_absolute(path
) ? path_is_valid(path
) : filename_is_valid(path
))) {
961 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
962 "Neither a valid executable name nor an absolute path%s: %s",
963 ignore
? ", ignoring" : "", path
);
964 return ignore
? 0 : -ENOEXEC
;
967 if (!separate_argv0
) {
970 if (!GREEDY_REALLOC0(n
, nlen
+ 2))
982 while (!isempty(p
)) {
983 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
985 /* Check explicitly for an unquoted semicolon as
986 * command separator token. */
987 if (p
[0] == ';' && (!p
[1] || strchr(WHITESPACE
, p
[1]))) {
989 p
+= strspn(p
, WHITESPACE
);
994 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
995 * extract_first_word() would return the same for all of those. */
996 if (p
[0] == '\\' && p
[1] == ';' && (!p
[2] || strchr(WHITESPACE
, p
[2]))) {
1000 p
+= strspn(p
, WHITESPACE
);
1002 if (!GREEDY_REALLOC0(n
, nlen
+ 2))
1013 r
= extract_first_word_and_warn(&p
, &word
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
1017 return ignore
? 0 : -ENOEXEC
;
1019 r
= unit_full_printf(u
, word
, &resolved
);
1021 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1022 "Failed to resolve unit specifiers in %s%s: %m",
1023 word
, ignore
? ", ignoring" : "");
1024 return ignore
? 0 : -ENOEXEC
;
1027 if (!GREEDY_REALLOC(n
, nlen
+ 2))
1030 n
[nlen
++] = TAKE_PTR(resolved
);
1035 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
1036 "Empty executable name or zeroeth argument%s: %s",
1037 ignore
? ", ignoring" : "", rvalue
);
1038 return ignore
? 0 : -ENOEXEC
;
1041 nce
= new0(ExecCommand
, 1);
1045 nce
->argv
= TAKE_PTR(n
);
1046 nce
->path
= TAKE_PTR(path
);
1049 exec_command_append_list(e
, nce
);
1051 /* Do not _cleanup_free_ these. */
1055 } while (semicolon
);
1060 int config_parse_socket_bindtodevice(
1062 const char *filename
,
1064 const char *section
,
1065 unsigned section_line
,
1072 Socket
*s
= ASSERT_PTR(data
);
1078 if (isempty(rvalue
) || streq(rvalue
, "*")) {
1079 s
->bind_to_device
= mfree(s
->bind_to_device
);
1083 if (!ifname_valid(rvalue
)) {
1084 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", rvalue
);
1088 return free_and_strdup_warn(&s
->bind_to_device
, rvalue
);
1091 int config_parse_exec_input(
1093 const char *filename
,
1095 const char *section
,
1096 unsigned section_line
,
1103 ExecContext
*c
= ASSERT_PTR(data
);
1104 const Unit
*u
= userdata
;
1113 n
= startswith(rvalue
, "fd:");
1115 _cleanup_free_
char *resolved
= NULL
;
1117 r
= unit_fd_printf(u
, n
, &resolved
);
1119 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1123 if (isempty(resolved
))
1124 resolved
= mfree(resolved
);
1125 else if (!fdname_is_valid(resolved
)) {
1126 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1130 free_and_replace(c
->stdio_fdname
[STDIN_FILENO
], resolved
);
1132 ei
= EXEC_INPUT_NAMED_FD
;
1134 } else if ((n
= startswith(rvalue
, "file:"))) {
1135 _cleanup_free_
char *resolved
= NULL
;
1137 r
= unit_path_printf(u
, n
, &resolved
);
1139 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1143 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1147 free_and_replace(c
->stdio_file
[STDIN_FILENO
], resolved
);
1149 ei
= EXEC_INPUT_FILE
;
1152 ei
= exec_input_from_string(rvalue
);
1154 log_syntax(unit
, LOG_WARNING
, filename
, line
, ei
, "Failed to parse input specifier, ignoring: %s", rvalue
);
1163 int config_parse_exec_input_text(
1165 const char *filename
,
1167 const char *section
,
1168 unsigned section_line
,
1175 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1176 ExecContext
*c
= ASSERT_PTR(data
);
1177 const Unit
*u
= userdata
;
1184 if (isempty(rvalue
)) {
1185 /* Reset if the empty string is assigned */
1186 c
->stdin_data
= mfree(c
->stdin_data
);
1187 c
->stdin_data_size
= 0;
1191 ssize_t l
= cunescape(rvalue
, 0, &unescaped
);
1193 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
,
1194 "Failed to decode C escaped text '%s', ignoring: %m", rvalue
);
1198 r
= unit_full_printf_full(u
, unescaped
, EXEC_STDIN_DATA_MAX
, &resolved
);
1200 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1201 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped
);
1205 size_t sz
= strlen(resolved
);
1206 if (c
->stdin_data_size
+ sz
+ 1 < c
->stdin_data_size
|| /* check for overflow */
1207 c
->stdin_data_size
+ sz
+ 1 > EXEC_STDIN_DATA_MAX
) {
1208 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1209 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1210 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1214 void *p
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
+ 1);
1218 *((char*) mempcpy((char*) p
+ c
->stdin_data_size
, resolved
, sz
)) = '\n';
1221 c
->stdin_data_size
+= sz
+ 1;
1226 int config_parse_exec_input_data(
1228 const char *filename
,
1230 const char *section
,
1231 unsigned section_line
,
1238 _cleanup_free_
void *p
= NULL
;
1239 ExecContext
*c
= ASSERT_PTR(data
);
1248 if (isempty(rvalue
)) {
1249 /* Reset if the empty string is assigned */
1250 c
->stdin_data
= mfree(c
->stdin_data
);
1251 c
->stdin_data_size
= 0;
1255 r
= unbase64mem(rvalue
, &p
, &sz
);
1257 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1258 "Failed to decode base64 data, ignoring: %s", rvalue
);
1264 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1265 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
) {
1266 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1267 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1268 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1272 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1276 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1279 c
->stdin_data_size
+= sz
;
1284 int config_parse_exec_output(
1286 const char *filename
,
1288 const char *section
,
1289 unsigned section_line
,
1296 _cleanup_free_
char *resolved
= NULL
;
1298 ExecContext
*c
= ASSERT_PTR(data
);
1299 const Unit
*u
= userdata
;
1300 bool obsolete
= false;
1309 n
= startswith(rvalue
, "fd:");
1311 r
= unit_fd_printf(u
, n
, &resolved
);
1313 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", n
);
1317 if (isempty(resolved
))
1318 resolved
= mfree(resolved
);
1319 else if (!fdname_is_valid(resolved
)) {
1320 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1324 eo
= EXEC_OUTPUT_NAMED_FD
;
1326 } else if (streq(rvalue
, "syslog")) {
1327 eo
= EXEC_OUTPUT_JOURNAL
;
1330 } else if (streq(rvalue
, "syslog+console")) {
1331 eo
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
1334 } else if ((n
= startswith(rvalue
, "file:"))) {
1336 r
= unit_path_printf(u
, n
, &resolved
);
1338 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1342 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1346 eo
= EXEC_OUTPUT_FILE
;
1348 } else if ((n
= startswith(rvalue
, "append:"))) {
1350 r
= unit_path_printf(u
, n
, &resolved
);
1352 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1356 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1360 eo
= EXEC_OUTPUT_FILE_APPEND
;
1362 } else if ((n
= startswith(rvalue
, "truncate:"))) {
1364 r
= unit_path_printf(u
, n
, &resolved
);
1366 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1370 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1374 eo
= EXEC_OUTPUT_FILE_TRUNCATE
;
1376 eo
= exec_output_from_string(rvalue
);
1378 log_syntax(unit
, LOG_WARNING
, filename
, line
, eo
, "Failed to parse output specifier, ignoring: %s", rvalue
);
1384 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
1385 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1386 rvalue
, exec_output_to_string(eo
));
1388 if (streq(lvalue
, "StandardOutput")) {
1389 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1390 free_and_replace(c
->stdio_fdname
[STDOUT_FILENO
], resolved
);
1392 free_and_replace(c
->stdio_file
[STDOUT_FILENO
], resolved
);
1397 assert(streq(lvalue
, "StandardError"));
1399 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1400 free_and_replace(c
->stdio_fdname
[STDERR_FILENO
], resolved
);
1402 free_and_replace(c
->stdio_file
[STDERR_FILENO
], resolved
);
1410 int config_parse_exec_io_class(const char *unit
,
1411 const char *filename
,
1413 const char *section
,
1414 unsigned section_line
,
1421 ExecContext
*c
= ASSERT_PTR(data
);
1428 if (isempty(rvalue
)) {
1429 c
->ioprio_set
= false;
1430 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1434 x
= ioprio_class_from_string(rvalue
);
1436 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse IO scheduling class, ignoring: %s", rvalue
);
1440 c
->ioprio
= ioprio_normalize(ioprio_prio_value(x
, ioprio_prio_data(c
->ioprio
)));
1441 c
->ioprio_set
= true;
1446 int config_parse_exec_io_priority(const char *unit
,
1447 const char *filename
,
1449 const char *section
,
1450 unsigned section_line
,
1457 ExecContext
*c
= ASSERT_PTR(data
);
1464 if (isempty(rvalue
)) {
1465 c
->ioprio_set
= false;
1466 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1470 r
= ioprio_parse_priority(rvalue
, &i
);
1472 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse IO priority, ignoring: %s", rvalue
);
1476 c
->ioprio
= ioprio_normalize(ioprio_prio_value(ioprio_prio_class(c
->ioprio
), i
));
1477 c
->ioprio_set
= true;
1482 int config_parse_exec_cpu_sched_policy(const char *unit
,
1483 const char *filename
,
1485 const char *section
,
1486 unsigned section_line
,
1493 ExecContext
*c
= ASSERT_PTR(data
);
1500 if (isempty(rvalue
)) {
1501 c
->cpu_sched_set
= false;
1502 c
->cpu_sched_policy
= SCHED_OTHER
;
1503 c
->cpu_sched_priority
= 0;
1507 x
= sched_policy_from_string(rvalue
);
1509 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue
);
1513 c
->cpu_sched_policy
= x
;
1514 /* Moving to or from real-time policy? We need to adjust the priority */
1515 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(x
), sched_get_priority_max(x
));
1516 c
->cpu_sched_set
= true;
1521 int config_parse_exec_mount_apivfs(const char *unit
,
1522 const char *filename
,
1524 const char *section
,
1525 unsigned section_line
,
1532 ExecContext
*c
= ASSERT_PTR(data
);
1539 if (isempty(rvalue
)) {
1540 c
->mount_apivfs_set
= false;
1541 c
->mount_apivfs
= false;
1545 k
= parse_boolean(rvalue
);
1547 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
,
1548 "Failed to parse boolean value, ignoring: %s",
1553 c
->mount_apivfs_set
= true;
1554 c
->mount_apivfs
= k
;
1558 int config_parse_numa_mask(const char *unit
,
1559 const char *filename
,
1561 const char *section
,
1562 unsigned section_line
,
1569 NUMAPolicy
*p
= ASSERT_PTR(data
);
1575 if (streq(rvalue
, "all")) {
1576 r
= numa_mask_add_all(&p
->nodes
);
1578 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1579 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1581 r
= parse_cpu_set_extend(rvalue
, &p
->nodes
, true, unit
, filename
, line
, lvalue
);
1583 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse NUMA node mask, ignoring: %s", rvalue
);
1589 int config_parse_exec_cpu_sched_prio(const char *unit
,
1590 const char *filename
,
1592 const char *section
,
1593 unsigned section_line
,
1600 ExecContext
*c
= ASSERT_PTR(data
);
1607 r
= safe_atoi(rvalue
, &i
);
1609 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue
);
1613 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. Policy might be set later so
1614 * we do not check the precise range, but only the generic outer bounds. */
1615 if (i
< 0 || i
> 99) {
1616 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue
);
1620 c
->cpu_sched_priority
= i
;
1621 c
->cpu_sched_set
= true;
1626 int config_parse_root_image_options(
1628 const char *filename
,
1630 const char *section
,
1631 unsigned section_line
,
1638 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1639 _cleanup_strv_free_
char **l
= NULL
;
1640 ExecContext
*c
= ASSERT_PTR(data
);
1641 const Unit
*u
= userdata
;
1648 if (isempty(rvalue
)) {
1649 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1653 r
= strv_split_colon_pairs(&l
, rvalue
);
1657 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
1661 STRV_FOREACH_PAIR(first
, second
, l
) {
1662 MountOptions
*o
= NULL
;
1663 _cleanup_free_
char *mount_options_resolved
= NULL
;
1664 const char *mount_options
= NULL
, *partition
= "root";
1665 PartitionDesignator partition_designator
;
1667 /* Format is either 'root:foo' or 'foo' (root is implied) */
1668 if (!isempty(*second
)) {
1670 mount_options
= *second
;
1672 mount_options
= *first
;
1674 partition_designator
= partition_designator_from_string(partition
);
1675 if (partition_designator
< 0) {
1676 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
1677 "Invalid partition name %s, ignoring", partition
);
1680 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
1682 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
1686 o
= new(MountOptions
, 1);
1689 *o
= (MountOptions
) {
1690 .partition_designator
= partition_designator
,
1691 .options
= TAKE_PTR(mount_options_resolved
),
1693 LIST_APPEND(mount_options
, options
, TAKE_PTR(o
));
1697 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1699 /* empty spaces/separators only */
1700 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1705 int config_parse_exec_root_hash(
1707 const char *filename
,
1709 const char *section
,
1710 unsigned section_line
,
1717 _cleanup_free_
void *roothash_decoded
= NULL
;
1718 ExecContext
*c
= ASSERT_PTR(data
);
1719 size_t roothash_decoded_size
= 0;
1726 if (isempty(rvalue
)) {
1727 /* Reset if the empty string is assigned */
1728 c
->root_hash_path
= mfree(c
->root_hash_path
);
1729 c
->root_hash
= mfree(c
->root_hash
);
1730 c
->root_hash_size
= 0;
1734 if (path_is_absolute(rvalue
)) {
1735 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1736 _cleanup_free_
char *p
= NULL
;
1742 free_and_replace(c
->root_hash_path
, p
);
1743 c
->root_hash
= mfree(c
->root_hash
);
1744 c
->root_hash_size
= 0;
1748 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1749 r
= unhexmem(rvalue
, &roothash_decoded
, &roothash_decoded_size
);
1751 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHash=, ignoring: %s", rvalue
);
1754 if (roothash_decoded_size
< sizeof(sd_id128_t
)) {
1755 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "RootHash= is too short, ignoring: %s", rvalue
);
1759 free_and_replace(c
->root_hash
, roothash_decoded
);
1760 c
->root_hash_size
= roothash_decoded_size
;
1761 c
->root_hash_path
= mfree(c
->root_hash_path
);
1766 int config_parse_exec_root_hash_sig(
1768 const char *filename
,
1770 const char *section
,
1771 unsigned section_line
,
1778 _cleanup_free_
void *roothash_sig_decoded
= NULL
;
1780 ExecContext
*c
= ASSERT_PTR(data
);
1781 size_t roothash_sig_decoded_size
= 0;
1788 if (isempty(rvalue
)) {
1789 /* Reset if the empty string is assigned */
1790 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1791 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1792 c
->root_hash_sig_size
= 0;
1796 if (path_is_absolute(rvalue
)) {
1797 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1798 _cleanup_free_
char *p
= NULL
;
1804 free_and_replace(c
->root_hash_sig_path
, p
);
1805 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1806 c
->root_hash_sig_size
= 0;
1810 if (!(value
= startswith(rvalue
, "base64:"))) {
1811 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1812 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue
);
1816 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1817 r
= unbase64mem(value
, &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1819 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHashSignature=, ignoring: %s", rvalue
);
1823 free_and_replace(c
->root_hash_sig
, roothash_sig_decoded
);
1824 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1825 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1830 int config_parse_exec_cpu_affinity(
1832 const char *filename
,
1834 const char *section
,
1835 unsigned section_line
,
1842 ExecContext
*c
= ASSERT_PTR(data
);
1843 const Unit
*u
= userdata
;
1844 _cleanup_free_
char *k
= NULL
;
1851 if (streq(rvalue
, "numa")) {
1852 c
->cpu_affinity_from_numa
= true;
1853 cpu_set_reset(&c
->cpu_set
);
1858 r
= unit_full_printf(u
, rvalue
, &k
);
1860 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1861 "Failed to resolve unit specifiers in '%s', ignoring: %m",
1866 r
= parse_cpu_set_extend(k
, &c
->cpu_set
, true, unit
, filename
, line
, lvalue
);
1868 c
->cpu_affinity_from_numa
= false;
1873 int config_parse_capability_set(
1875 const char *filename
,
1877 const char *section
,
1878 unsigned section_line
,
1885 uint64_t *capability_set
= ASSERT_PTR(data
);
1886 uint64_t sum
= 0, initial
, def
;
1887 bool invert
= false;
1894 if (rvalue
[0] == '~') {
1899 if (streq(lvalue
, "CapabilityBoundingSet")) {
1900 initial
= CAP_MASK_ALL
; /* initialized to all bits on */
1901 def
= CAP_MASK_UNSET
; /* not set */
1903 def
= initial
= 0; /* All bits off */
1905 r
= capability_set_from_string(rvalue
, &sum
);
1907 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue
, rvalue
);
1911 if (sum
== 0 || *capability_set
== def
)
1912 /* "", "~" or uninitialized data -> replace */
1913 *capability_set
= invert
? ~sum
: sum
;
1915 /* previous data -> merge */
1917 *capability_set
&= ~sum
;
1919 *capability_set
|= sum
;
1925 int config_parse_exec_selinux_context(
1927 const char *filename
,
1929 const char *section
,
1930 unsigned section_line
,
1937 ExecContext
*c
= ASSERT_PTR(data
);
1938 const Unit
*u
= userdata
;
1947 if (isempty(rvalue
)) {
1948 c
->selinux_context
= mfree(c
->selinux_context
);
1949 c
->selinux_context_ignore
= false;
1953 if (rvalue
[0] == '-') {
1959 r
= unit_full_printf(u
, rvalue
, &k
);
1961 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1962 "Failed to resolve unit specifiers in '%s'%s: %m",
1963 rvalue
, ignore
? ", ignoring" : "");
1964 return ignore
? 0 : -ENOEXEC
;
1967 free_and_replace(c
->selinux_context
, k
);
1968 c
->selinux_context_ignore
= ignore
;
1973 int config_parse_exec_apparmor_profile(
1975 const char *filename
,
1977 const char *section
,
1978 unsigned section_line
,
1985 ExecContext
*c
= ASSERT_PTR(data
);
1986 const Unit
*u
= userdata
;
1995 if (isempty(rvalue
)) {
1996 c
->apparmor_profile
= mfree(c
->apparmor_profile
);
1997 c
->apparmor_profile_ignore
= false;
2001 if (rvalue
[0] == '-') {
2007 r
= unit_full_printf(u
, rvalue
, &k
);
2009 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2010 "Failed to resolve unit specifiers in '%s'%s: %m",
2011 rvalue
, ignore
? ", ignoring" : "");
2012 return ignore
? 0 : -ENOEXEC
;
2015 free_and_replace(c
->apparmor_profile
, k
);
2016 c
->apparmor_profile_ignore
= ignore
;
2021 int config_parse_exec_smack_process_label(
2023 const char *filename
,
2025 const char *section
,
2026 unsigned section_line
,
2033 ExecContext
*c
= ASSERT_PTR(data
);
2034 const Unit
*u
= userdata
;
2043 if (isempty(rvalue
)) {
2044 c
->smack_process_label
= mfree(c
->smack_process_label
);
2045 c
->smack_process_label_ignore
= false;
2049 if (rvalue
[0] == '-') {
2055 r
= unit_full_printf(u
, rvalue
, &k
);
2057 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2058 "Failed to resolve unit specifiers in '%s'%s: %m",
2059 rvalue
, ignore
? ", ignoring" : "");
2060 return ignore
? 0 : -ENOEXEC
;
2063 free_and_replace(c
->smack_process_label
, k
);
2064 c
->smack_process_label_ignore
= ignore
;
2069 int config_parse_timer(
2071 const char *filename
,
2073 const char *section
,
2074 unsigned section_line
,
2081 _cleanup_(calendar_spec_freep
) CalendarSpec
*c
= NULL
;
2082 _cleanup_free_
char *k
= NULL
;
2083 const Unit
*u
= userdata
;
2084 Timer
*t
= ASSERT_PTR(data
);
2093 if (isempty(rvalue
)) {
2094 /* Empty assignment resets list */
2095 timer_free_values(t
);
2099 r
= unit_full_printf(u
, rvalue
, &k
);
2101 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2105 if (ltype
== TIMER_CALENDAR
) {
2106 r
= calendar_spec_from_string(k
, &c
);
2108 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse calendar specification, ignoring: %s", k
);
2112 r
= parse_sec(k
, &usec
);
2114 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", k
);
2119 v
= new(TimerValue
, 1);
2126 .calendar_spec
= TAKE_PTR(c
),
2129 LIST_PREPEND(value
, t
->values
, v
);
2134 int config_parse_trigger_unit(
2136 const char *filename
,
2138 const char *section
,
2139 unsigned section_line
,
2146 _cleanup_free_
char *p
= NULL
;
2147 Unit
*u
= ASSERT_PTR(data
);
2155 if (UNIT_TRIGGER(u
)) {
2156 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Multiple units to trigger specified, ignoring: %s", rvalue
);
2160 r
= unit_name_printf(u
, rvalue
, &p
);
2162 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2166 type
= unit_name_to_type(p
);
2168 log_syntax(unit
, LOG_WARNING
, filename
, line
, type
, "Unit type not valid, ignoring: %s", rvalue
);
2171 if (unit_has_name(u
, p
)) {
2172 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Units cannot trigger themselves, ignoring: %s", rvalue
);
2176 r
= unit_add_two_dependencies_by_name(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, p
, true, UNIT_DEPENDENCY_FILE
);
2178 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add trigger on %s, ignoring: %m", p
);
2185 int config_parse_path_spec(const char *unit
,
2186 const char *filename
,
2188 const char *section
,
2189 unsigned section_line
,
2196 Path
*p
= ASSERT_PTR(data
);
2199 _cleanup_free_
char *k
= NULL
;
2206 if (isempty(rvalue
)) {
2207 /* Empty assignment clears list */
2212 b
= path_type_from_string(lvalue
);
2214 log_syntax(unit
, LOG_WARNING
, filename
, line
, b
, "Failed to parse path type, ignoring: %s", lvalue
);
2218 r
= unit_path_printf(UNIT(p
), rvalue
, &k
);
2220 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2224 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2228 s
= new0(PathSpec
, 1);
2233 s
->path
= TAKE_PTR(k
);
2235 s
->inotify_fd
= -EBADF
;
2237 LIST_PREPEND(spec
, p
->specs
, s
);
2242 int config_parse_socket_service(
2244 const char *filename
,
2246 const char *section
,
2247 unsigned section_line
,
2254 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2255 _cleanup_free_
char *p
= NULL
;
2256 Socket
*s
= ASSERT_PTR(data
);
2264 r
= unit_name_printf(UNIT(s
), rvalue
, &p
);
2266 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2270 if (!endswith(p
, ".service")) {
2271 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type service, ignoring: %s", rvalue
);
2275 r
= manager_load_unit(UNIT(s
)->manager
, p
, NULL
, &error
, &x
);
2277 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load unit %s, ignoring: %s", rvalue
, bus_error_message(&error
, r
));
2281 unit_ref_set(&s
->service
, UNIT(s
), x
);
2286 int config_parse_fdname(
2288 const char *filename
,
2290 const char *section
,
2291 unsigned section_line
,
2298 _cleanup_free_
char *p
= NULL
;
2299 Socket
*s
= ASSERT_PTR(data
);
2306 if (isempty(rvalue
)) {
2307 s
->fdname
= mfree(s
->fdname
);
2311 r
= unit_fd_printf(UNIT(s
), rvalue
, &p
);
2313 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2317 if (!fdname_is_valid(p
)) {
2318 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", p
);
2322 return free_and_replace(s
->fdname
, p
);
2325 int config_parse_service_sockets(
2327 const char *filename
,
2329 const char *section
,
2330 unsigned section_line
,
2337 Service
*s
= ASSERT_PTR(data
);
2344 for (const char *p
= rvalue
;;) {
2345 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2347 r
= extract_first_word(&p
, &word
, NULL
, 0);
2351 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Trailing garbage in sockets, ignoring: %s", rvalue
);
2357 r
= unit_name_printf(UNIT(s
), word
, &k
);
2359 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
2363 if (!endswith(k
, ".socket")) {
2364 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type socket, ignoring: %s", k
);
2368 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_WANTS
, UNIT_AFTER
, k
, true, UNIT_DEPENDENCY_FILE
);
2370 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2372 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_TRIGGERED_BY
, k
, true, UNIT_DEPENDENCY_FILE
);
2374 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2378 int config_parse_bus_name(
2380 const char *filename
,
2382 const char *section
,
2383 unsigned section_line
,
2390 _cleanup_free_
char *k
= NULL
;
2391 const Unit
*u
= ASSERT_PTR(userdata
);
2398 r
= unit_full_printf_full(u
, rvalue
, SD_BUS_MAXIMUM_NAME_LENGTH
, &k
);
2400 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2404 if (!sd_bus_service_name_is_valid(k
)) {
2405 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid bus name, ignoring: %s", k
);
2409 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
2412 int config_parse_service_timeout(
2414 const char *filename
,
2416 const char *section
,
2417 unsigned section_line
,
2424 Service
*s
= ASSERT_PTR(userdata
);
2432 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2434 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2435 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2436 * all other timeouts. */
2437 r
= parse_sec_fix_0(rvalue
, &usec
);
2439 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2443 s
->start_timeout_defined
= true;
2444 s
->timeout_start_usec
= usec
;
2446 if (streq(lvalue
, "TimeoutSec"))
2447 s
->timeout_stop_usec
= usec
;
2452 int config_parse_timeout_abort(
2454 const char *filename
,
2456 const char *section
,
2457 unsigned section_line
,
2464 usec_t
*ret
= ASSERT_PTR(data
);
2471 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2473 if (isempty(rvalue
)) {
2475 return 0; /* "not set" */
2478 r
= parse_sec(rvalue
, ret
);
2480 return log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= setting, ignoring: %s", lvalue
, rvalue
);
2482 return 1; /* "set" */
2485 int config_parse_service_timeout_abort(
2487 const char *filename
,
2489 const char *section
,
2490 unsigned section_line
,
2497 Service
*s
= ASSERT_PTR(userdata
);
2500 r
= config_parse_timeout_abort(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
,
2501 &s
->timeout_abort_usec
, s
);
2503 s
->timeout_abort_set
= r
;
2507 int config_parse_user_group_compat(
2509 const char *filename
,
2511 const char *section
,
2512 unsigned section_line
,
2519 _cleanup_free_
char *k
= NULL
;
2521 const Unit
*u
= ASSERT_PTR(userdata
);
2528 if (isempty(rvalue
)) {
2529 *user
= mfree(*user
);
2533 r
= unit_full_printf(u
, rvalue
, &k
);
2535 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", rvalue
);
2539 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2540 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2544 if (strstr(lvalue
, "User") && streq(k
, NOBODY_USER_NAME
))
2545 log_struct(LOG_NOTICE
,
2546 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename
, line
, k
,
2548 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR
,
2549 "OFFENDING_USER=%s", k
,
2550 "CONFIG_FILE=%s", filename
,
2551 "CONFIG_LINE=%u", line
);
2553 return free_and_replace(*user
, k
);
2556 int config_parse_user_group_strv_compat(
2558 const char *filename
,
2560 const char *section
,
2561 unsigned section_line
,
2568 char ***users
= data
;
2569 const Unit
*u
= ASSERT_PTR(userdata
);
2576 if (isempty(rvalue
)) {
2577 *users
= strv_free(*users
);
2581 for (const char *p
= rvalue
;;) {
2582 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2584 r
= extract_first_word(&p
, &word
, NULL
, 0);
2588 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid syntax: %s", rvalue
);
2594 r
= unit_full_printf(u
, word
, &k
);
2596 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", word
);
2600 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2601 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2605 r
= strv_push(users
, k
);
2613 int config_parse_working_directory(
2615 const char *filename
,
2617 const char *section
,
2618 unsigned section_line
,
2625 ExecContext
*c
= ASSERT_PTR(data
);
2626 const Unit
*u
= ASSERT_PTR(userdata
);
2634 if (isempty(rvalue
)) {
2635 c
->working_directory_home
= false;
2636 c
->working_directory
= mfree(c
->working_directory
);
2640 if (rvalue
[0] == '-') {
2646 if (streq(rvalue
, "~")) {
2647 c
->working_directory_home
= true;
2648 c
->working_directory
= mfree(c
->working_directory
);
2650 _cleanup_free_
char *k
= NULL
;
2652 r
= unit_path_printf(u
, rvalue
, &k
);
2654 log_syntax(unit
, missing_ok
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2655 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2656 rvalue
, missing_ok
? ", ignoring" : "");
2657 return missing_ok
? 0 : -ENOEXEC
;
2660 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
|(missing_ok
? 0 : PATH_CHECK_FATAL
), unit
, filename
, line
, lvalue
);
2662 return missing_ok
? 0 : -ENOEXEC
;
2664 c
->working_directory_home
= false;
2665 free_and_replace(c
->working_directory
, k
);
2668 c
->working_directory_missing_ok
= missing_ok
;
2672 int config_parse_unit_env_file(const char *unit
,
2673 const char *filename
,
2675 const char *section
,
2676 unsigned section_line
,
2683 char ***env
= ASSERT_PTR(data
);
2684 const Unit
*u
= userdata
;
2685 _cleanup_free_
char *n
= NULL
;
2692 if (isempty(rvalue
)) {
2693 /* Empty assignment frees the list */
2694 *env
= strv_free(*env
);
2698 r
= unit_path_printf(u
, rvalue
, &n
);
2700 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2704 r
= path_simplify_and_warn(n
[0] == '-' ? n
+ 1 : n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2708 r
= strv_push(env
, n
);
2717 int config_parse_environ(
2719 const char *filename
,
2721 const char *section
,
2722 unsigned section_line
,
2729 const Unit
*u
= userdata
;
2730 char ***env
= ASSERT_PTR(data
);
2737 if (isempty(rvalue
)) {
2738 /* Empty assignment resets the list */
2739 *env
= strv_free(*env
);
2743 /* If 'u' is set, we operate on the regular unit specifier table. Otherwise we use a manager-specific
2744 * specifier table (in which case ltype must contain the runtime scope). */
2745 const Specifier
*table
= u
? NULL
: (const Specifier
[]) {
2746 COMMON_SYSTEM_SPECIFIERS
,
2747 COMMON_TMP_SPECIFIERS
,
2748 COMMON_CREDS_SPECIFIERS(ltype
),
2749 { 'h', specifier_user_home
, NULL
},
2750 { 's', specifier_user_shell
, NULL
},
2753 for (const char *p
= rvalue
;; ) {
2754 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
2756 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2760 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2761 "Invalid syntax, ignoring: %s", rvalue
);
2768 r
= specifier_printf(word
, sc_arg_max(), table
, NULL
, NULL
, &resolved
);
2770 r
= unit_env_printf(u
, word
, &resolved
);
2772 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2773 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2777 if (!env_assignment_is_valid(resolved
)) {
2778 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2779 "Invalid environment assignment, ignoring: %s", resolved
);
2783 r
= strv_env_replace_consume(env
, TAKE_PTR(resolved
));
2785 return log_error_errno(r
, "Failed to update environment: %m");
2789 int config_parse_pass_environ(
2791 const char *filename
,
2793 const char *section
,
2794 unsigned section_line
,
2801 _cleanup_strv_free_
char **n
= NULL
;
2802 const Unit
*u
= userdata
;
2803 char*** passenv
= ASSERT_PTR(data
);
2811 if (isempty(rvalue
)) {
2812 /* Empty assignment resets the list */
2813 *passenv
= strv_free(*passenv
);
2817 for (const char *p
= rvalue
;;) {
2818 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2820 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
2824 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2825 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2832 r
= unit_env_printf(u
, word
, &k
);
2834 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2835 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2841 if (!env_name_is_valid(k
)) {
2842 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2843 "Invalid environment name for %s, ignoring: %s", lvalue
, k
);
2847 if (!GREEDY_REALLOC(n
, nlen
+ 2))
2850 n
[nlen
++] = TAKE_PTR(k
);
2855 r
= strv_extend_strv(passenv
, n
, true);
2863 int config_parse_unset_environ(
2865 const char *filename
,
2867 const char *section
,
2868 unsigned section_line
,
2875 _cleanup_strv_free_
char **n
= NULL
;
2876 char*** unsetenv
= ASSERT_PTR(data
);
2877 const Unit
*u
= userdata
;
2885 if (isempty(rvalue
)) {
2886 /* Empty assignment resets the list */
2887 *unsetenv
= strv_free(*unsetenv
);
2891 for (const char *p
= rvalue
;;) {
2892 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2894 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2898 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2899 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2906 r
= unit_env_printf(u
, word
, &k
);
2908 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2909 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2915 if (!env_assignment_is_valid(k
) && !env_name_is_valid(k
)) {
2916 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2917 "Invalid environment name or assignment %s, ignoring: %s", lvalue
, k
);
2921 if (!GREEDY_REALLOC(n
, nlen
+ 2))
2924 n
[nlen
++] = TAKE_PTR(k
);
2929 r
= strv_extend_strv(unsetenv
, n
, true);
2937 int config_parse_log_extra_fields(
2939 const char *filename
,
2941 const char *section
,
2942 unsigned section_line
,
2949 ExecContext
*c
= ASSERT_PTR(data
);
2950 const Unit
*u
= userdata
;
2957 if (isempty(rvalue
)) {
2958 exec_context_free_log_extra_fields(c
);
2962 for (const char *p
= rvalue
;;) {
2963 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2967 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2971 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
2977 r
= unit_full_printf(u
, word
, &k
);
2979 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2983 eq
= strchr(k
, '=');
2985 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field lacks '=' character, ignoring: %s", k
);
2989 if (!journal_field_valid(k
, eq
-k
, false)) {
2990 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field name is invalid, ignoring: %s", k
);
2994 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2998 c
->log_extra_fields
= t
;
2999 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE_STRING(k
);
3005 int config_parse_log_namespace(
3007 const char *filename
,
3009 const char *section
,
3010 unsigned section_line
,
3017 _cleanup_free_
char *k
= NULL
;
3018 ExecContext
*c
= ASSERT_PTR(data
);
3019 const Unit
*u
= userdata
;
3026 if (isempty(rvalue
)) {
3027 c
->log_namespace
= mfree(c
->log_namespace
);
3031 r
= unit_full_printf_full(u
, rvalue
, NAME_MAX
, &k
);
3033 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3037 if (!log_namespace_name_valid(k
)) {
3038 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Specified log namespace name is not valid, ignoring: %s", k
);
3042 free_and_replace(c
->log_namespace
, k
);
3046 int config_parse_unit_condition_path(
3048 const char *filename
,
3050 const char *section
,
3051 unsigned section_line
,
3058 _cleanup_free_
char *p
= NULL
;
3059 Condition
**list
= ASSERT_PTR(data
), *c
;
3060 ConditionType t
= ltype
;
3061 bool trigger
, negate
;
3062 const Unit
*u
= userdata
;
3069 if (isempty(rvalue
)) {
3070 /* Empty assignment resets the list */
3071 *list
= condition_free_list(*list
);
3075 trigger
= rvalue
[0] == '|';
3079 negate
= rvalue
[0] == '!';
3083 r
= unit_path_printf(u
, rvalue
, &p
);
3085 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3089 r
= path_simplify_and_warn(p
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3093 c
= condition_new(t
, p
, trigger
, negate
);
3097 LIST_PREPEND(conditions
, *list
, c
);
3101 int config_parse_unit_condition_string(
3103 const char *filename
,
3105 const char *section
,
3106 unsigned section_line
,
3113 _cleanup_free_
char *s
= NULL
;
3114 Condition
**list
= ASSERT_PTR(data
), *c
;
3115 ConditionType t
= ltype
;
3116 bool trigger
, negate
;
3117 const Unit
*u
= userdata
;
3124 if (isempty(rvalue
)) {
3125 /* Empty assignment resets the list */
3126 *list
= condition_free_list(*list
);
3130 trigger
= *rvalue
== '|';
3132 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3134 negate
= *rvalue
== '!';
3136 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3138 r
= unit_full_printf(u
, rvalue
, &s
);
3140 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3141 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
3145 c
= condition_new(t
, s
, trigger
, negate
);
3149 LIST_PREPEND(conditions
, *list
, c
);
3153 int config_parse_unit_mounts_for(
3155 const char *filename
,
3157 const char *section
,
3158 unsigned section_line
,
3172 assert(STR_IN_SET(lvalue
, "RequiresMountsFor", "WantsMountsFor"));
3174 for (const char *p
= rvalue
;;) {
3175 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
3177 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3181 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3182 "Invalid syntax, ignoring: %s", rvalue
);
3188 r
= unit_path_printf(u
, word
, &resolved
);
3190 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
3194 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3198 r
= unit_add_mounts_for(u
, resolved
, UNIT_DEPENDENCY_FILE
, unit_mount_dependency_type_from_string(lvalue
));
3200 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add requested mount '%s', ignoring: %m", resolved
);
3206 int config_parse_documentation(
3208 const char *filename
,
3210 const char *section
,
3211 unsigned section_line
,
3218 Unit
*u
= ASSERT_PTR(userdata
);
3226 if (isempty(rvalue
)) {
3227 /* Empty assignment resets the list */
3228 u
->documentation
= strv_free(u
->documentation
);
3232 r
= config_parse_unit_strv_printf(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
,
3233 rvalue
, data
, userdata
);
3237 for (a
= b
= u
->documentation
; a
&& *a
; a
++) {
3239 if (documentation_url_is_valid(*a
))
3242 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid URL, ignoring: %s", *a
);
3253 int config_parse_syscall_filter(
3255 const char *filename
,
3257 const char *section
,
3258 unsigned section_line
,
3265 ExecContext
*c
= data
;
3266 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3267 bool invert
= false;
3274 if (isempty(rvalue
)) {
3275 /* Empty assignment resets the list */
3276 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
3277 c
->syscall_allow_list
= false;
3281 if (rvalue
[0] == '~') {
3286 if (!c
->syscall_filter
) {
3287 c
->syscall_filter
= hashmap_new(NULL
);
3288 if (!c
->syscall_filter
)
3292 /* Allow everything but the ones listed */
3293 c
->syscall_allow_list
= false;
3295 /* Allow nothing but the ones listed */
3296 c
->syscall_allow_list
= true;
3298 /* Accept default syscalls if we are on an allow_list */
3299 r
= seccomp_parse_syscall_filter(
3300 "@default", -1, c
->syscall_filter
,
3301 SECCOMP_PARSE_PERMISSIVE
|SECCOMP_PARSE_ALLOW_LIST
,
3309 for (const char *p
= rvalue
;;) {
3310 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3313 r
= extract_first_word(&p
, &word
, NULL
, 0);
3317 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3318 "Invalid syntax, ignoring: %s", rvalue
);
3324 r
= parse_syscall_and_errno(word
, &name
, &num
);
3326 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3327 "Failed to parse syscall:errno, ignoring: %s", word
);
3330 if (!invert
&& num
>= 0) {
3331 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3332 "Allow-listed system calls cannot take error number, ignoring: %s", word
);
3336 r
= seccomp_parse_syscall_filter(
3337 name
, num
, c
->syscall_filter
,
3338 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3339 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3340 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3341 unit
, filename
, line
);
3347 int config_parse_syscall_log(
3349 const char *filename
,
3351 const char *section
,
3352 unsigned section_line
,
3359 ExecContext
*c
= data
;
3360 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3361 bool invert
= false;
3369 if (isempty(rvalue
)) {
3370 /* Empty assignment resets the list */
3371 c
->syscall_log
= hashmap_free(c
->syscall_log
);
3372 c
->syscall_log_allow_list
= false;
3376 if (rvalue
[0] == '~') {
3381 if (!c
->syscall_log
) {
3382 c
->syscall_log
= hashmap_new(NULL
);
3383 if (!c
->syscall_log
)
3387 /* Log everything but the ones listed */
3388 c
->syscall_log_allow_list
= false;
3390 /* Log nothing but the ones listed */
3391 c
->syscall_log_allow_list
= true;
3396 _cleanup_free_
char *word
= NULL
;
3398 r
= extract_first_word(&p
, &word
, NULL
, 0);
3402 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3408 r
= seccomp_parse_syscall_filter(
3409 word
, -1, c
->syscall_log
,
3410 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3411 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3412 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3413 unit
, filename
, line
);
3419 int config_parse_syscall_archs(
3421 const char *filename
,
3423 const char *section
,
3424 unsigned section_line
,
3434 if (isempty(rvalue
)) {
3435 *archs
= set_free(*archs
);
3439 for (const char *p
= rvalue
;;) {
3440 _cleanup_free_
char *word
= NULL
;
3443 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3447 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3448 "Invalid syntax, ignoring: %s", rvalue
);
3454 r
= seccomp_arch_from_string(word
, &a
);
3456 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3457 "Failed to parse system call architecture \"%s\", ignoring: %m", word
);
3461 r
= set_ensure_put(archs
, NULL
, UINT32_TO_PTR(a
+ 1));
3467 int config_parse_syscall_errno(
3469 const char *filename
,
3471 const char *section
,
3472 unsigned section_line
,
3479 ExecContext
*c
= data
;
3486 if (isempty(rvalue
) || streq(rvalue
, "kill")) {
3487 /* Empty assignment resets to KILL */
3488 c
->syscall_errno
= SECCOMP_ERROR_NUMBER_KILL
;
3492 e
= parse_errno(rvalue
);
3494 log_syntax(unit
, LOG_WARNING
, filename
, line
, e
, "Failed to parse error number, ignoring: %s", rvalue
);
3498 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid error number, ignoring: %s", rvalue
);
3502 c
->syscall_errno
= e
;
3506 int config_parse_address_families(
3508 const char *filename
,
3510 const char *section
,
3511 unsigned section_line
,
3518 ExecContext
*c
= data
;
3519 bool invert
= false;
3526 if (isempty(rvalue
)) {
3527 /* Empty assignment resets the list */
3528 c
->address_families
= set_free(c
->address_families
);
3529 c
->address_families_allow_list
= false;
3533 if (streq(rvalue
, "none")) {
3534 /* Forbid all address families. */
3535 c
->address_families
= set_free(c
->address_families
);
3536 c
->address_families_allow_list
= true;
3540 if (rvalue
[0] == '~') {
3545 if (!c
->address_families
) {
3546 c
->address_families
= set_new(NULL
);
3547 if (!c
->address_families
)
3550 c
->address_families_allow_list
= !invert
;
3553 for (const char *p
= rvalue
;;) {
3554 _cleanup_free_
char *word
= NULL
;
3557 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3561 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3562 "Invalid syntax, ignoring: %s", rvalue
);
3568 af
= af_from_name(word
);
3570 log_syntax(unit
, LOG_WARNING
, filename
, line
, af
,
3571 "Failed to parse address family, ignoring: %s", word
);
3575 /* If we previously wanted to forbid an address family and now
3576 * we want to allow it, then just remove it from the list.
3578 if (!invert
== c
->address_families_allow_list
) {
3579 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
3583 set_remove(c
->address_families
, INT_TO_PTR(af
));
3587 int config_parse_restrict_namespaces(
3589 const char *filename
,
3591 const char *section
,
3592 unsigned section_line
,
3599 ExecContext
*c
= data
;
3600 unsigned long flags
;
3601 bool invert
= false;
3604 if (isempty(rvalue
)) {
3605 /* Reset to the default. */
3606 c
->restrict_namespaces
= NAMESPACE_FLAGS_INITIAL
;
3610 /* Boolean parameter ignores the previous settings */
3611 r
= parse_boolean(rvalue
);
3613 c
->restrict_namespaces
= 0;
3615 } else if (r
== 0) {
3616 c
->restrict_namespaces
= NAMESPACE_FLAGS_ALL
;
3620 if (rvalue
[0] == '~') {
3625 /* Not a boolean argument, in this case it's a list of namespace types. */
3626 r
= namespace_flags_from_string(rvalue
, &flags
);
3628 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse namespace type string, ignoring: %s", rvalue
);
3632 if (c
->restrict_namespaces
== NAMESPACE_FLAGS_INITIAL
)
3633 /* Initial assignment. Just set the value. */
3634 c
->restrict_namespaces
= invert
? (~flags
) & NAMESPACE_FLAGS_ALL
: flags
;
3636 /* Merge the value with the previous one. */
3637 SET_FLAG(c
->restrict_namespaces
, flags
, !invert
);
3643 int config_parse_restrict_filesystems(
3645 const char *filename
,
3647 const char *section
,
3648 unsigned section_line
,
3654 ExecContext
*c
= ASSERT_PTR(data
);
3655 bool invert
= false;
3662 if (isempty(rvalue
)) {
3663 /* Empty assignment resets the list */
3664 c
->restrict_filesystems
= set_free_free(c
->restrict_filesystems
);
3665 c
->restrict_filesystems_allow_list
= false;
3669 if (rvalue
[0] == '~') {
3674 if (!c
->restrict_filesystems
) {
3676 /* Allow everything but the ones listed */
3677 c
->restrict_filesystems_allow_list
= false;
3679 /* Allow nothing but the ones listed */
3680 c
->restrict_filesystems_allow_list
= true;
3683 for (const char *p
= rvalue
;;) {
3684 _cleanup_free_
char *word
= NULL
;
3686 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3692 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3693 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
3697 r
= bpf_restrict_fs_parse_filesystem(
3699 &c
->restrict_filesystems
,
3700 FILESYSTEM_PARSE_LOG
|
3701 (invert
? FILESYSTEM_PARSE_INVERT
: 0)|
3702 (c
->restrict_filesystems_allow_list
? FILESYSTEM_PARSE_ALLOW_LIST
: 0),
3703 unit
, filename
, line
);
3712 int config_parse_unit_slice(
3714 const char *filename
,
3716 const char *section
,
3717 unsigned section_line
,
3724 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3725 _cleanup_free_
char *k
= NULL
;
3726 Unit
*u
= userdata
, *slice
;
3734 r
= unit_name_printf(u
, rvalue
, &k
);
3736 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3740 r
= manager_load_unit(u
->manager
, k
, NULL
, &error
, &slice
);
3742 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load slice unit %s, ignoring: %s", k
, bus_error_message(&error
, r
));
3746 r
= unit_set_slice(u
, slice
);
3748 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to assign slice %s to unit %s, ignoring: %m", slice
->id
, u
->id
);
3755 int config_parse_cpu_quota(
3757 const char *filename
,
3759 const char *section
,
3760 unsigned section_line
,
3767 CGroupContext
*c
= data
;
3774 if (isempty(rvalue
)) {
3775 c
->cpu_quota_per_sec_usec
= USEC_INFINITY
;
3779 r
= parse_permyriad_unbounded(rvalue
);
3781 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid CPU quota '%s', ignoring.", rvalue
);
3785 c
->cpu_quota_per_sec_usec
= ((usec_t
) r
* USEC_PER_SEC
) / 10000U;
3789 int config_parse_allowed_cpuset(
3791 const char *filename
,
3793 const char *section
,
3794 unsigned section_line
,
3802 const Unit
*u
= userdata
;
3803 _cleanup_free_
char *k
= NULL
;
3810 r
= unit_full_printf(u
, rvalue
, &k
);
3812 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3813 "Failed to resolve unit specifiers in '%s', ignoring: %m",
3818 (void) parse_cpu_set_extend(k
, c
, true, unit
, filename
, line
, lvalue
);
3822 int config_parse_memory_limit(
3824 const char *filename
,
3826 const char *section
,
3827 unsigned section_line
,
3834 CGroupContext
*c
= data
;
3835 uint64_t bytes
= CGROUP_LIMIT_MAX
;
3838 if (isempty(rvalue
) && STR_IN_SET(lvalue
, "DefaultMemoryLow",
3843 bytes
= CGROUP_LIMIT_MIN
;
3844 else if (!isempty(rvalue
) && !streq(rvalue
, "infinity")) {
3846 r
= parse_permyriad(rvalue
);
3848 r
= parse_size(rvalue
, 1024, &bytes
);
3850 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid memory limit '%s', ignoring: %m", rvalue
);
3854 bytes
= physical_memory_scale(r
, 10000U);
3856 if (bytes
>= UINT64_MAX
||
3857 (bytes
<= 0 && !STR_IN_SET(lvalue
,
3859 "StartupMemorySwapMax",
3861 "StartupMemoryZSwapMax",
3866 "DefaultstartupMemoryLow",
3867 "DefaultMemoryMin"))) {
3868 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Memory limit '%s' out of range, ignoring.", rvalue
);
3873 if (streq(lvalue
, "DefaultMemoryLow")) {
3874 c
->default_memory_low
= bytes
;
3875 c
->default_memory_low_set
= true;
3876 } else if (streq(lvalue
, "DefaultStartupMemoryLow")) {
3877 c
->default_startup_memory_low
= bytes
;
3878 c
->default_startup_memory_low_set
= true;
3879 } else if (streq(lvalue
, "DefaultMemoryMin")) {
3880 c
->default_memory_min
= bytes
;
3881 c
->default_memory_min_set
= true;
3882 } else if (streq(lvalue
, "MemoryMin")) {
3883 c
->memory_min
= bytes
;
3884 c
->memory_min_set
= true;
3885 } else if (streq(lvalue
, "MemoryLow")) {
3886 c
->memory_low
= bytes
;
3887 c
->memory_low_set
= true;
3888 } else if (streq(lvalue
, "StartupMemoryLow")) {
3889 c
->startup_memory_low
= bytes
;
3890 c
->startup_memory_low_set
= true;
3891 } else if (streq(lvalue
, "MemoryHigh"))
3892 c
->memory_high
= bytes
;
3893 else if (streq(lvalue
, "StartupMemoryHigh")) {
3894 c
->startup_memory_high
= bytes
;
3895 c
->startup_memory_high_set
= true;
3896 } else if (streq(lvalue
, "MemoryMax"))
3897 c
->memory_max
= bytes
;
3898 else if (streq(lvalue
, "StartupMemoryMax")) {
3899 c
->startup_memory_max
= bytes
;
3900 c
->startup_memory_max_set
= true;
3901 } else if (streq(lvalue
, "MemorySwapMax"))
3902 c
->memory_swap_max
= bytes
;
3903 else if (streq(lvalue
, "StartupMemorySwapMax")) {
3904 c
->startup_memory_swap_max
= bytes
;
3905 c
->startup_memory_swap_max_set
= true;
3906 } else if (streq(lvalue
, "MemoryZSwapMax"))
3907 c
->memory_zswap_max
= bytes
;
3908 else if (streq(lvalue
, "StartupMemoryZSwapMax")) {
3909 c
->startup_memory_zswap_max
= bytes
;
3910 c
->startup_memory_zswap_max_set
= true;
3911 } else if (streq(lvalue
, "MemoryLimit")) {
3912 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3913 "Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
3914 c
->memory_limit
= bytes
;
3921 int config_parse_tasks_max(
3923 const char *filename
,
3925 const char *section
,
3926 unsigned section_line
,
3933 const Unit
*u
= userdata
;
3934 CGroupTasksMax
*tasks_max
= data
;
3938 if (isempty(rvalue
)) {
3939 *tasks_max
= u
? u
->manager
->defaults
.tasks_max
: CGROUP_TASKS_MAX_UNSET
;
3943 if (streq(rvalue
, "infinity")) {
3944 *tasks_max
= CGROUP_TASKS_MAX_UNSET
;
3948 r
= parse_permyriad(rvalue
);
3950 *tasks_max
= (CGroupTasksMax
) { r
, 10000U }; /* r‱ */
3952 r
= safe_atou64(rvalue
, &v
);
3954 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid maximum tasks value '%s', ignoring: %m", rvalue
);
3958 if (v
<= 0 || v
>= UINT64_MAX
) {
3959 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue
);
3963 *tasks_max
= (CGroupTasksMax
) { v
};
3969 int config_parse_delegate(
3971 const char *filename
,
3973 const char *section
,
3974 unsigned section_line
,
3981 CGroupContext
*c
= data
;
3985 t
= unit_name_to_type(unit
);
3986 assert(t
!= _UNIT_TYPE_INVALID
);
3988 if (!unit_vtable
[t
]->can_delegate
) {
3989 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Delegate= setting not supported for this unit type, ignoring.");
3993 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or
3994 * turn it off for all. Or it takes a list of controller names, in which case we add the specified
3995 * controllers to the mask to delegate. Delegate= enables delegation without any controllers. */
3997 if (isempty(rvalue
)) {
3998 /* An empty string resets controllers and sets Delegate=yes. */
4000 c
->delegate_controllers
= 0;
4004 r
= parse_boolean(rvalue
);
4006 CGroupMask mask
= 0;
4008 for (const char *p
= rvalue
;;) {
4009 _cleanup_free_
char *word
= NULL
;
4010 CGroupController cc
;
4012 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4016 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4022 cc
= cgroup_controller_from_string(word
);
4024 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid controller name '%s', ignoring", word
);
4028 mask
|= CGROUP_CONTROLLER_TO_MASK(cc
);
4032 c
->delegate_controllers
|= mask
;
4036 c
->delegate_controllers
= CGROUP_MASK_DELEGATE
;
4038 c
->delegate
= false;
4039 c
->delegate_controllers
= 0;
4045 int config_parse_delegate_subgroup(
4047 const char *filename
,
4049 const char *section
,
4050 unsigned section_line
,
4057 CGroupContext
*c
= ASSERT_PTR(data
);
4060 t
= unit_name_to_type(unit
);
4063 if (!unit_vtable
[t
]->can_delegate
) {
4064 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "DelegateSubgroup= setting not supported for this unit type, ignoring.");
4068 if (isempty(rvalue
)) {
4069 c
->delegate_subgroup
= mfree(c
->delegate_subgroup
);
4073 if (cg_needs_escape(rvalue
)) { /* Insist that specified names don't need escaping */
4074 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid control group name, ignoring: %s", rvalue
);
4078 return free_and_strdup_warn(&c
->delegate_subgroup
, rvalue
);
4081 int config_parse_managed_oom_mode(
4083 const char *filename
,
4085 const char *section
,
4086 unsigned section_line
,
4093 ManagedOOMMode
*mode
= data
, m
;
4096 t
= unit_name_to_type(unit
);
4097 assert(t
!= _UNIT_TYPE_INVALID
);
4099 if (!unit_vtable
[t
]->can_set_managed_oom
)
4100 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4102 if (isempty(rvalue
)) {
4103 *mode
= MANAGED_OOM_AUTO
;
4107 m
= managed_oom_mode_from_string(rvalue
);
4109 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
, "Invalid syntax, ignoring: %s", rvalue
);
4117 int config_parse_managed_oom_mem_pressure_limit(
4119 const char *filename
,
4121 const char *section
,
4122 unsigned section_line
,
4129 uint32_t *limit
= data
;
4133 t
= unit_name_to_type(unit
);
4134 assert(t
!= _UNIT_TYPE_INVALID
);
4136 if (!unit_vtable
[t
]->can_set_managed_oom
)
4137 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4139 if (isempty(rvalue
)) {
4144 r
= parse_permyriad(rvalue
);
4146 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse memory pressure limit value, ignoring: %s", rvalue
);
4150 /* Normalize to 2^32-1 == 100% */
4151 *limit
= UINT32_SCALE_FROM_PERMYRIAD(r
);
4155 int config_parse_device_allow(
4157 const char *filename
,
4159 const char *section
,
4160 unsigned section_line
,
4167 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4168 CGroupDevicePermissions permissions
;
4169 CGroupContext
*c
= data
;
4170 const char *p
= rvalue
;
4173 if (isempty(rvalue
)) {
4174 while (c
->device_allow
)
4175 cgroup_context_free_device_allow(c
, c
->device_allow
);
4180 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4184 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4185 "Failed to extract device path and rights from '%s', ignoring.", rvalue
);
4189 r
= unit_path_printf(userdata
, path
, &resolved
);
4191 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4192 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4196 if (!STARTSWITH_SET(resolved
, "block-", "char-")) {
4198 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4202 if (!valid_device_node_path(resolved
)) {
4203 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device node path '%s', ignoring.", resolved
);
4208 permissions
= isempty(p
) ? 0 : cgroup_device_permissions_from_string(p
);
4209 if (permissions
< 0) {
4210 log_syntax(unit
, LOG_WARNING
, filename
, line
, permissions
, "Invalid device rights '%s', ignoring.", p
);
4214 return cgroup_context_add_device_allow(c
, resolved
, permissions
);
4217 int config_parse_io_device_weight(
4219 const char *filename
,
4221 const char *section
,
4222 unsigned section_line
,
4229 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4230 CGroupIODeviceWeight
*w
;
4231 CGroupContext
*c
= data
;
4232 const char *p
= ASSERT_PTR(rvalue
);
4239 if (isempty(rvalue
)) {
4240 while (c
->io_device_weights
)
4241 cgroup_context_free_io_device_weight(c
, c
->io_device_weights
);
4246 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4250 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4251 "Failed to extract device path and weight from '%s', ignoring.", rvalue
);
4254 if (r
== 0 || isempty(p
)) {
4255 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4256 "Invalid device path or weight specified in '%s', ignoring.", rvalue
);
4260 r
= unit_path_printf(userdata
, path
, &resolved
);
4262 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4263 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4267 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4271 r
= cg_weight_parse(p
, &u
);
4273 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "IO weight '%s' invalid, ignoring: %m", p
);
4277 assert(u
!= CGROUP_WEIGHT_INVALID
);
4279 w
= new0(CGroupIODeviceWeight
, 1);
4283 w
->path
= TAKE_PTR(resolved
);
4286 LIST_PREPEND(device_weights
, c
->io_device_weights
, w
);
4290 int config_parse_io_device_latency(
4292 const char *filename
,
4294 const char *section
,
4295 unsigned section_line
,
4302 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4303 CGroupIODeviceLatency
*l
;
4304 CGroupContext
*c
= data
;
4305 const char *p
= ASSERT_PTR(rvalue
);
4312 if (isempty(rvalue
)) {
4313 while (c
->io_device_latencies
)
4314 cgroup_context_free_io_device_latency(c
, c
->io_device_latencies
);
4319 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4323 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4324 "Failed to extract device path and latency from '%s', ignoring.", rvalue
);
4327 if (r
== 0 || isempty(p
)) {
4328 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4329 "Invalid device path or latency specified in '%s', ignoring.", rvalue
);
4333 r
= unit_path_printf(userdata
, path
, &resolved
);
4335 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4336 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4340 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4344 r
= parse_sec(p
, &usec
);
4346 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", p
);
4350 l
= new0(CGroupIODeviceLatency
, 1);
4354 l
->path
= TAKE_PTR(resolved
);
4355 l
->target_usec
= usec
;
4357 LIST_PREPEND(device_latencies
, c
->io_device_latencies
, l
);
4361 int config_parse_io_limit(
4363 const char *filename
,
4365 const char *section
,
4366 unsigned section_line
,
4373 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4374 CGroupIODeviceLimit
*l
= NULL
;
4375 CGroupContext
*c
= data
;
4376 CGroupIOLimitType type
;
4377 const char *p
= ASSERT_PTR(rvalue
);
4384 type
= cgroup_io_limit_type_from_string(lvalue
);
4387 if (isempty(rvalue
)) {
4388 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4389 t
->limits
[type
] = cgroup_io_limit_defaults
[type
];
4393 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4397 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4398 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4401 if (r
== 0 || isempty(p
)) {
4402 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4403 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue
);
4407 r
= unit_path_printf(userdata
, path
, &resolved
);
4409 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4410 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4414 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4418 if (streq("infinity", p
))
4419 num
= CGROUP_LIMIT_MAX
;
4421 r
= parse_size(p
, 1000, &num
);
4422 if (r
< 0 || num
<= 0) {
4423 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid IO limit '%s', ignoring.", p
);
4428 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4429 if (path_equal(resolved
, t
->path
)) {
4435 l
= new0(CGroupIODeviceLimit
, 1);
4439 l
->path
= TAKE_PTR(resolved
);
4440 for (CGroupIOLimitType i
= 0; i
< _CGROUP_IO_LIMIT_TYPE_MAX
; i
++)
4441 l
->limits
[i
] = cgroup_io_limit_defaults
[i
];
4443 LIST_PREPEND(device_limits
, c
->io_device_limits
, l
);
4446 l
->limits
[type
] = num
;
4451 int config_parse_blockio_device_weight(
4453 const char *filename
,
4455 const char *section
,
4456 unsigned section_line
,
4463 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4464 CGroupBlockIODeviceWeight
*w
;
4465 CGroupContext
*c
= data
;
4466 const char *p
= ASSERT_PTR(rvalue
);
4473 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4474 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4477 if (isempty(rvalue
)) {
4478 while (c
->blockio_device_weights
)
4479 cgroup_context_free_blockio_device_weight(c
, c
->blockio_device_weights
);
4484 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4488 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4489 "Failed to extract device node and weight from '%s', ignoring.", rvalue
);
4492 if (r
== 0 || isempty(p
)) {
4493 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4494 "Invalid device node or weight specified in '%s', ignoring.", rvalue
);
4498 r
= unit_path_printf(userdata
, path
, &resolved
);
4500 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4501 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4505 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4509 r
= cg_blkio_weight_parse(p
, &u
);
4511 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid block IO weight '%s', ignoring: %m", p
);
4515 assert(u
!= CGROUP_BLKIO_WEIGHT_INVALID
);
4517 w
= new0(CGroupBlockIODeviceWeight
, 1);
4521 w
->path
= TAKE_PTR(resolved
);
4524 LIST_PREPEND(device_weights
, c
->blockio_device_weights
, w
);
4528 int config_parse_blockio_bandwidth(
4530 const char *filename
,
4532 const char *section
,
4533 unsigned section_line
,
4540 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4541 CGroupBlockIODeviceBandwidth
*b
= NULL
;
4542 CGroupContext
*c
= data
;
4543 const char *p
= ASSERT_PTR(rvalue
);
4551 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4552 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4555 read
= streq("BlockIOReadBandwidth", lvalue
);
4557 if (isempty(rvalue
)) {
4558 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
) {
4559 t
->rbps
= CGROUP_LIMIT_MAX
;
4560 t
->wbps
= CGROUP_LIMIT_MAX
;
4565 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4569 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4570 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4573 if (r
== 0 || isempty(p
)) {
4574 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4575 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue
);
4579 r
= unit_path_printf(userdata
, path
, &resolved
);
4581 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4582 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4586 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4590 r
= parse_size(p
, 1000, &bytes
);
4591 if (r
< 0 || bytes
<= 0) {
4592 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid Block IO Bandwidth '%s', ignoring.", p
);
4596 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
)
4597 if (path_equal(resolved
, t
->path
)) {
4603 b
= new0(CGroupBlockIODeviceBandwidth
, 1);
4607 b
->path
= TAKE_PTR(resolved
);
4608 b
->rbps
= CGROUP_LIMIT_MAX
;
4609 b
->wbps
= CGROUP_LIMIT_MAX
;
4611 LIST_PREPEND(device_bandwidths
, c
->blockio_device_bandwidths
, b
);
4622 int config_parse_job_mode_isolate(
4624 const char *filename
,
4626 const char *section
,
4627 unsigned section_line
,
4641 r
= parse_boolean(rvalue
);
4643 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse boolean, ignoring: %s", rvalue
);
4647 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue
);
4649 *m
= r
? JOB_ISOLATE
: JOB_REPLACE
;
4653 int config_parse_exec_directories(
4655 const char *filename
,
4657 const char *section
,
4658 unsigned section_line
,
4665 ExecDirectory
*ed
= ASSERT_PTR(data
);
4666 const Unit
*u
= userdata
;
4673 if (isempty(rvalue
)) {
4674 /* Empty assignment resets the list */
4675 exec_directory_done(ed
);
4679 for (const char *p
= rvalue
;;) {
4680 _cleanup_free_
char *tuple
= NULL
;
4682 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
4686 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4687 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
4693 _cleanup_free_
char *src
= NULL
, *dest
= NULL
;
4694 const char *q
= tuple
;
4695 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &src
, &dest
);
4699 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4700 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
4704 _cleanup_free_
char *sresolved
= NULL
;
4705 r
= unit_path_printf(u
, src
, &sresolved
);
4707 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4708 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", src
);
4712 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4716 if (path_startswith(sresolved
, "private")) {
4717 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4718 "%s= path can't be 'private', ignoring assignment: %s", lvalue
, tuple
);
4722 /* For State and Runtime directories we support an optional destination parameter, which
4723 * will be used to create a symlink to the source. */
4724 _cleanup_free_
char *dresolved
= NULL
;
4725 if (!isempty(dest
)) {
4726 if (streq(lvalue
, "ConfigurationDirectory")) {
4727 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4728 "Destination parameter is not supported for ConfigurationDirectory, ignoring: %s", tuple
);
4732 r
= unit_path_printf(u
, dest
, &dresolved
);
4734 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4735 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", dest
);
4739 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4744 r
= exec_directory_add(ed
, sresolved
, dresolved
);
4750 int config_parse_set_credential(
4752 const char *filename
,
4754 const char *section
,
4755 unsigned section_line
,
4762 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
4763 _cleanup_free_
void *d
= NULL
;
4764 ExecContext
*context
= ASSERT_PTR(data
);
4765 ExecSetCredential
*old
;
4767 bool encrypted
= ltype
;
4768 const char *p
= ASSERT_PTR(rvalue
);
4775 if (isempty(rvalue
)) {
4776 /* Empty assignment resets the list */
4777 context
->set_credentials
= hashmap_free(context
->set_credentials
);
4781 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4785 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract credential name, ignoring: %s", rvalue
);
4788 if (r
== 0 || isempty(p
)) {
4789 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", rvalue
);
4793 r
= unit_cred_printf(u
, word
, &k
);
4795 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4798 if (!credential_name_valid(k
)) {
4799 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4804 r
= unbase64mem_full(p
, SIZE_MAX
, true, &d
, &size
);
4806 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Encrypted credential data not valid Base64 data, ignoring.");
4813 /* We support escape codes here, so that users can insert trailing \n if they like */
4814 l
= cunescape(p
, UNESCAPE_ACCEPT_NUL
, &unescaped
);
4816 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
, "Can't unescape \"%s\", ignoring: %m", p
);
4824 old
= hashmap_get(context
->set_credentials
, k
);
4826 free_and_replace(old
->data
, d
);
4828 old
->encrypted
= encrypted
;
4830 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
4832 sc
= new(ExecSetCredential
, 1);
4836 *sc
= (ExecSetCredential
) {
4838 .data
= TAKE_PTR(d
),
4840 .encrypted
= encrypted
,
4843 r
= hashmap_ensure_put(&context
->set_credentials
, &exec_set_credential_hash_ops
, sc
->id
, sc
);
4847 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4848 "Duplicated credential value '%s', ignoring assignment: %s", sc
->id
, rvalue
);
4858 int hashmap_put_credential(Hashmap
**h
, const char *id
, const char *path
, bool encrypted
) {
4859 ExecLoadCredential
*old
;
4866 old
= hashmap_get(*h
, id
);
4868 r
= free_and_strdup(&old
->path
, path
);
4872 old
->encrypted
= encrypted
;
4874 _cleanup_(exec_load_credential_freep
) ExecLoadCredential
*lc
= NULL
;
4876 lc
= new(ExecLoadCredential
, 1);
4880 *lc
= (ExecLoadCredential
) {
4882 .path
= strdup(path
),
4883 .encrypted
= encrypted
,
4885 if (!lc
->id
|| !lc
->path
)
4888 r
= hashmap_ensure_put(h
, &exec_load_credential_hash_ops
, lc
->id
, lc
);
4898 int config_parse_load_credential(
4900 const char *filename
,
4902 const char *section
,
4903 unsigned section_line
,
4910 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *q
= NULL
;
4911 ExecContext
*context
= ASSERT_PTR(data
);
4912 bool encrypted
= ltype
;
4921 if (isempty(rvalue
)) {
4922 /* Empty assignment resets the list */
4923 context
->load_credentials
= hashmap_free(context
->load_credentials
);
4928 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4932 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4936 r
= unit_cred_printf(u
, word
, &k
);
4938 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4941 if (!credential_name_valid(k
)) {
4942 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4947 /* If only one field is specified take it as shortcut for inheriting a credential named
4948 * the same way from our parent */
4953 r
= unit_path_printf(u
, p
, &q
);
4955 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p
);
4958 if (path_is_absolute(q
) ? !path_is_normalized(q
) : !credential_name_valid(q
)) {
4959 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential source \"%s\" not valid, ignoring.", q
);
4964 r
= hashmap_put_credential(&context
->load_credentials
, k
, q
, encrypted
);
4966 return log_error_errno(r
, "Failed to store load credential '%s': %m", rvalue
);
4971 int config_parse_import_credential(
4973 const char *filename
,
4975 const char *section
,
4976 unsigned section_line
,
4983 _cleanup_free_
char *s
= NULL
;
4984 Set
** import_credentials
= ASSERT_PTR(data
);
4992 if (isempty(rvalue
)) {
4993 /* Empty assignment resets the list */
4994 *import_credentials
= set_free_free(*import_credentials
);
4998 r
= unit_cred_printf(u
, rvalue
, &s
);
5000 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5003 if (!credential_glob_valid(s
)) {
5004 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name or glob \"%s\" not valid, ignoring.", s
);
5008 r
= set_put_strdup(import_credentials
, s
);
5010 return log_error_errno(r
, "Failed to store credential name '%s': %m", rvalue
);
5015 int config_parse_set_status(
5017 const char *filename
,
5019 const char *section
,
5020 unsigned section_line
,
5027 ExitStatusSet
*status_set
= ASSERT_PTR(data
);
5034 /* Empty assignment resets the list */
5035 if (isempty(rvalue
)) {
5036 exit_status_set_free(status_set
);
5040 for (const char *p
= rvalue
;;) {
5041 _cleanup_free_
char *word
= NULL
;
5044 r
= extract_first_word(&p
, &word
, NULL
, 0);
5048 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5049 "Failed to parse %s=%s, ignoring: %m", lvalue
, rvalue
);
5055 /* We need to call exit_status_from_string() first, because we want
5056 * to parse numbers as exit statuses, not signals. */
5058 r
= exit_status_from_string(word
);
5060 assert(r
>= 0 && r
< 256);
5061 bitmap
= &status_set
->status
;
5063 r
= signal_from_string(word
);
5065 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5066 "Failed to parse value, ignoring: %s", word
);
5069 bitmap
= &status_set
->signal
;
5072 r
= bitmap_set(bitmap
, r
);
5074 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5075 "Failed to set signal or status %s, ignoring: %m", word
);
5079 int config_parse_namespace_path_strv(
5081 const char *filename
,
5083 const char *section
,
5084 unsigned section_line
,
5091 const Unit
*u
= userdata
;
5092 char*** sv
= ASSERT_PTR(data
);
5099 if (isempty(rvalue
)) {
5100 /* Empty assignment resets the list */
5101 *sv
= strv_free(*sv
);
5105 for (const char *p
= rvalue
;;) {
5106 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
, *joined
= NULL
;
5108 bool ignore_enoent
= false, shall_prefix
= false;
5110 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5114 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
5121 if (startswith(w
, "-")) {
5122 ignore_enoent
= true;
5125 if (startswith(w
, "+")) {
5126 shall_prefix
= true;
5130 r
= unit_path_printf(u
, w
, &resolved
);
5132 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", w
);
5136 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5140 joined
= strjoin(ignore_enoent
? "-" : "",
5141 shall_prefix
? "+" : "",
5144 r
= strv_push(sv
, joined
);
5154 int config_parse_temporary_filesystems(
5156 const char *filename
,
5158 const char *section
,
5159 unsigned section_line
,
5166 const Unit
*u
= userdata
;
5167 ExecContext
*c
= ASSERT_PTR(data
);
5174 if (isempty(rvalue
)) {
5175 /* Empty assignment resets the list */
5176 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
5177 c
->temporary_filesystems
= NULL
;
5178 c
->n_temporary_filesystems
= 0;
5182 for (const char *p
= rvalue
;;) {
5183 _cleanup_free_
char *word
= NULL
, *path
= NULL
, *resolved
= NULL
;
5186 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5190 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
5197 r
= extract_first_word(&w
, &path
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
5201 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", word
);
5205 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", word
);
5209 r
= unit_path_printf(u
, path
, &resolved
);
5211 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", path
);
5215 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5219 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, resolved
, w
);
5225 int config_parse_bind_paths(
5227 const char *filename
,
5229 const char *section
,
5230 unsigned section_line
,
5237 ExecContext
*c
= ASSERT_PTR(data
);
5238 const Unit
*u
= userdata
;
5245 if (isempty(rvalue
)) {
5246 /* Empty assignment resets the list */
5247 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
5248 c
->bind_mounts
= NULL
;
5249 c
->n_bind_mounts
= 0;
5253 for (const char *p
= rvalue
;;) {
5254 _cleanup_free_
char *source
= NULL
, *destination
= NULL
;
5255 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5256 char *s
= NULL
, *d
= NULL
;
5257 bool rbind
= true, ignore_enoent
= false;
5259 r
= extract_first_word(&p
, &source
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5263 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5269 r
= unit_path_printf(u
, source
, &sresolved
);
5271 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5272 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source
);
5278 ignore_enoent
= true;
5282 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5286 /* Optionally, the destination is specified. */
5287 if (p
&& p
[-1] == ':') {
5288 r
= extract_first_word(&p
, &destination
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5292 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5296 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing argument after ':', ignoring: %s", s
);
5300 r
= unit_path_printf(u
, destination
, &dresolved
);
5302 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5303 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination
);
5307 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5313 /* Optionally, there's also a short option string specified */
5314 if (p
&& p
[-1] == ':') {
5315 _cleanup_free_
char *options
= NULL
;
5317 r
= extract_first_word(&p
, &options
, NULL
, EXTRACT_UNQUOTE
);
5321 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5325 if (isempty(options
) || streq(options
, "rbind"))
5327 else if (streq(options
, "norbind"))
5330 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid option string, ignoring setting: %s", options
);
5337 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
5341 .read_only
= !!strstr(lvalue
, "ReadOnly"),
5343 .ignore_enoent
= ignore_enoent
,
5352 int config_parse_mount_images(
5354 const char *filename
,
5356 const char *section
,
5357 unsigned section_line
,
5364 ExecContext
*c
= ASSERT_PTR(data
);
5365 const Unit
*u
= userdata
;
5372 if (isempty(rvalue
)) {
5373 /* Empty assignment resets the list */
5374 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
5378 for (const char *p
= rvalue
;;) {
5379 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5380 _cleanup_free_
char *first
= NULL
, *second
= NULL
, *tuple
= NULL
;
5381 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5382 const char *q
= NULL
;
5384 bool permissive
= false;
5386 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5390 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5391 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5398 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &first
, &second
);
5402 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5403 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5415 r
= unit_path_printf(u
, s
, &sresolved
);
5417 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5418 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5422 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5426 if (isempty(second
)) {
5427 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing destination in %s, ignoring: %s", lvalue
, rvalue
);
5431 r
= unit_path_printf(u
, second
, &dresolved
);
5433 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5434 "Failed to resolve specifiers in \"%s\", ignoring: %m", second
);
5438 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5443 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5444 MountOptions
*o
= NULL
;
5445 PartitionDesignator partition_designator
;
5447 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
);
5451 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5456 /* Single set of options, applying to the root partition/single filesystem */
5458 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5460 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", first
);
5464 o
= new(MountOptions
, 1);
5467 *o
= (MountOptions
) {
5468 .partition_designator
= PARTITION_ROOT
,
5469 .options
= TAKE_PTR(mount_options_resolved
),
5471 LIST_APPEND(mount_options
, options
, o
);
5476 partition_designator
= partition_designator_from_string(partition
);
5477 if (partition_designator
< 0) {
5478 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
5479 "Invalid partition name %s, ignoring", partition
);
5482 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5484 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5488 o
= new(MountOptions
, 1);
5491 *o
= (MountOptions
) {
5492 .partition_designator
= partition_designator
,
5493 .options
= TAKE_PTR(mount_options_resolved
),
5495 LIST_APPEND(mount_options
, options
, o
);
5498 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
,
5500 .source
= sresolved
,
5501 .destination
= dresolved
,
5502 .mount_options
= options
,
5503 .ignore_enoent
= permissive
,
5504 .type
= MOUNT_IMAGE_DISCRETE
,
5511 int config_parse_extension_images(
5513 const char *filename
,
5515 const char *section
,
5516 unsigned section_line
,
5523 ExecContext
*c
= ASSERT_PTR(data
);
5524 const Unit
*u
= userdata
;
5531 if (isempty(rvalue
)) {
5532 /* Empty assignment resets the list */
5533 c
->extension_images
= mount_image_free_many(c
->extension_images
, &c
->n_extension_images
);
5537 for (const char *p
= rvalue
;;) {
5538 _cleanup_free_
char *source
= NULL
, *tuple
= NULL
, *sresolved
= NULL
;
5539 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5540 bool permissive
= false;
5541 const char *q
= NULL
;
5544 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5548 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5549 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5556 r
= extract_first_word(&q
, &source
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
);
5560 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5561 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5573 r
= unit_path_printf(u
, s
, &sresolved
);
5575 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5576 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5580 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5585 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5586 MountOptions
*o
= NULL
;
5587 PartitionDesignator partition_designator
;
5589 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
);
5593 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5598 /* Single set of options, applying to the root partition/single filesystem */
5600 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5602 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", partition
);
5606 o
= new(MountOptions
, 1);
5609 *o
= (MountOptions
) {
5610 .partition_designator
= PARTITION_ROOT
,
5611 .options
= TAKE_PTR(mount_options_resolved
),
5613 LIST_APPEND(mount_options
, options
, o
);
5618 partition_designator
= partition_designator_from_string(partition
);
5619 if (partition_designator
< 0) {
5620 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
5623 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5625 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5629 o
= new(MountOptions
, 1);
5632 *o
= (MountOptions
) {
5633 .partition_designator
= partition_designator
,
5634 .options
= TAKE_PTR(mount_options_resolved
),
5636 LIST_APPEND(mount_options
, options
, o
);
5639 r
= mount_image_add(&c
->extension_images
, &c
->n_extension_images
,
5641 .source
= sresolved
,
5642 .mount_options
= options
,
5643 .ignore_enoent
= permissive
,
5644 .type
= MOUNT_IMAGE_EXTENSION
,
5651 int config_parse_job_timeout_sec(
5653 const char *filename
,
5655 const char *section
,
5656 unsigned section_line
,
5663 Unit
*u
= ASSERT_PTR(data
);
5671 r
= parse_sec_fix_0(rvalue
, &usec
);
5673 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue
);
5677 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5678 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5681 if (!u
->job_running_timeout_set
)
5682 u
->job_running_timeout
= usec
;
5684 u
->job_timeout
= usec
;
5689 int config_parse_job_running_timeout_sec(
5691 const char *filename
,
5693 const char *section
,
5694 unsigned section_line
,
5701 Unit
*u
= ASSERT_PTR(data
);
5709 r
= parse_sec_fix_0(rvalue
, &usec
);
5711 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue
);
5715 u
->job_running_timeout
= usec
;
5716 u
->job_running_timeout_set
= true;
5721 int config_parse_emergency_action(
5723 const char *filename
,
5725 const char *section
,
5726 unsigned section_line
,
5733 EmergencyAction
*x
= ASSERT_PTR(data
);
5734 RuntimeScope runtime_scope
;
5741 /* If we have a unit determine the scope based on it */
5743 runtime_scope
= ((Unit
*) ASSERT_PTR(userdata
))->manager
->runtime_scope
;
5745 runtime_scope
= ltype
; /* otherwise, assume the scope is passed in via ltype */
5747 r
= parse_emergency_action(rvalue
, runtime_scope
, x
);
5749 if (r
== -EOPNOTSUPP
)
5750 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5751 "%s= specified as %s mode action, ignoring: %s",
5752 lvalue
, runtime_scope_to_string(runtime_scope
), rvalue
);
5754 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5755 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5762 int config_parse_pid_file(
5764 const char *filename
,
5766 const char *section
,
5767 unsigned section_line
,
5774 _cleanup_free_
char *k
= NULL
, *n
= NULL
;
5775 const Unit
*u
= ASSERT_PTR(userdata
);
5783 if (isempty(rvalue
)) {
5784 /* An empty assignment removes already set value. */
5789 r
= unit_path_printf(u
, rvalue
, &k
);
5791 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5795 /* If this is a relative path make it absolute by prefixing the /run */
5796 n
= path_make_absolute(k
, u
->manager
->prefix
[EXEC_DIRECTORY_RUNTIME
]);
5800 /* Check that the result is a sensible path */
5801 r
= path_simplify_and_warn(n
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5805 r
= patch_var_run(unit
, filename
, line
, lvalue
, &n
);
5809 free_and_replace(*s
, n
);
5813 int config_parse_exit_status(
5815 const char *filename
,
5817 const char *section
,
5818 unsigned section_line
,
5825 int *exit_status
= data
, r
;
5831 assert(exit_status
);
5833 if (isempty(rvalue
)) {
5838 r
= safe_atou8(rvalue
, &u
);
5840 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse exit status '%s', ignoring: %m", rvalue
);
5848 int config_parse_disable_controllers(
5850 const char *filename
,
5852 const char *section
,
5853 unsigned section_line
,
5861 CGroupContext
*c
= data
;
5862 CGroupMask disabled_mask
;
5864 /* 1. If empty, make all controllers eligible for use again.
5865 * 2. If non-empty, merge all listed controllers, space separated. */
5867 if (isempty(rvalue
)) {
5868 c
->disable_controllers
= 0;
5872 r
= cg_mask_from_string(rvalue
, &disabled_mask
);
5873 if (r
< 0 || disabled_mask
<= 0) {
5874 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid cgroup string: %s, ignoring", rvalue
);
5878 c
->disable_controllers
|= disabled_mask
;
5883 int config_parse_ip_filter_bpf_progs(
5885 const char *filename
,
5887 const char *section
,
5888 unsigned section_line
,
5895 _cleanup_free_
char *resolved
= NULL
;
5896 const Unit
*u
= userdata
;
5897 char ***paths
= ASSERT_PTR(data
);
5904 if (isempty(rvalue
)) {
5905 *paths
= strv_free(*paths
);
5909 r
= unit_path_printf(u
, rvalue
, &resolved
);
5911 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5915 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5919 if (strv_contains(*paths
, resolved
))
5922 r
= strv_extend(paths
, resolved
);
5926 r
= bpf_firewall_supported();
5929 if (r
!= BPF_FIREWALL_SUPPORTED_WITH_MULTI
) {
5930 static bool warned
= false;
5932 log_full(warned
? LOG_DEBUG
: LOG_WARNING
,
5933 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5934 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename
, line
, lvalue
, rvalue
);
5942 int config_parse_bpf_foreign_program(
5944 const char *filename
,
5946 const char *section
,
5947 unsigned section_line
,
5953 _cleanup_free_
char *resolved
= NULL
, *word
= NULL
;
5954 CGroupContext
*c
= data
;
5955 const char *p
= ASSERT_PTR(rvalue
);
5962 if (isempty(rvalue
)) {
5963 while (c
->bpf_foreign_programs
)
5964 cgroup_context_remove_bpf_foreign_program(c
, c
->bpf_foreign_programs
);
5969 r
= extract_first_word(&p
, &word
, ":", 0);
5973 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse foreign BPF program, ignoring: %s", rvalue
);
5976 if (r
== 0 || isempty(p
)) {
5977 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax in %s=, ignoring: %s", lvalue
, rvalue
);
5981 attach_type
= bpf_cgroup_attach_type_from_string(word
);
5982 if (attach_type
< 0) {
5983 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unknown BPF attach type=%s, ignoring: %s", word
, rvalue
);
5987 r
= unit_path_printf(u
, p
, &resolved
);
5989 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %s", p
, rvalue
);
5993 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5997 r
= cgroup_context_add_bpf_foreign_program(c
, attach_type
, resolved
);
5999 return log_error_errno(r
, "Failed to add foreign BPF program to cgroup context: %m");
6004 int config_parse_cgroup_socket_bind(
6006 const char *filename
,
6008 const char *section
,
6009 unsigned section_line
,
6015 _cleanup_free_ CGroupSocketBindItem
*item
= NULL
;
6016 CGroupSocketBindItem
**head
= data
;
6017 uint16_t nr_ports
, port_min
;
6018 int af
, ip_protocol
, r
;
6020 if (isempty(rvalue
)) {
6021 cgroup_context_remove_socket_bind(head
);
6025 r
= parse_socket_bind_item(rvalue
, &af
, &ip_protocol
, &nr_ports
, &port_min
);
6029 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6030 "Unable to parse %s= assignment, ignoring: %s", lvalue
, rvalue
);
6034 item
= new(CGroupSocketBindItem
, 1);
6037 *item
= (CGroupSocketBindItem
) {
6038 .address_family
= af
,
6039 .ip_protocol
= ip_protocol
,
6040 .nr_ports
= nr_ports
,
6041 .port_min
= port_min
,
6044 LIST_PREPEND(socket_bind_items
, *head
, TAKE_PTR(item
));
6049 int config_parse_restrict_network_interfaces(
6051 const char *filename
,
6053 const char *section
,
6054 unsigned section_line
,
6060 CGroupContext
*c
= ASSERT_PTR(data
);
6061 bool is_allow_rule
= true;
6068 if (isempty(rvalue
)) {
6069 /* Empty assignment resets the list */
6070 c
->restrict_network_interfaces
= set_free_free(c
->restrict_network_interfaces
);
6074 if (rvalue
[0] == '~') {
6075 is_allow_rule
= false;
6079 if (set_isempty(c
->restrict_network_interfaces
))
6080 /* Only initialize this when creating the set */
6081 c
->restrict_network_interfaces_is_allow_list
= is_allow_rule
;
6083 for (const char *p
= rvalue
;;) {
6084 _cleanup_free_
char *word
= NULL
;
6086 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
6092 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6093 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
6097 if (!ifname_valid_full(word
, IFNAME_VALID_ALTERNATIVE
)) {
6098 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", word
);
6102 if (c
->restrict_network_interfaces_is_allow_list
!= is_allow_rule
)
6103 free(set_remove(c
->restrict_network_interfaces
, word
));
6105 r
= set_put_strdup(&c
->restrict_network_interfaces
, word
);
6114 int config_parse_mount_node(
6116 const char *filename
,
6118 const char *section
,
6119 unsigned section_line
,
6126 const Unit
*u
= ASSERT_PTR(userdata
);
6127 _cleanup_free_
char *resolved
= NULL
, *path
= NULL
;
6134 r
= unit_full_printf(u
, rvalue
, &resolved
);
6136 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
6140 path
= fstab_node_to_udev_node(resolved
);
6144 /* The source passed is not necessarily something we understand, and we pass it as-is to mount/swapon,
6145 * so path_is_valid is not used. But let's check for basic sanity, i.e. if the source is longer than
6146 * PATH_MAX, you're likely doing something wrong. */
6147 if (strlen(path
) >= PATH_MAX
) {
6148 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Resolved mount path '%s' too long, ignoring.", path
);
6152 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, path
, data
, userdata
);
6155 static int merge_by_names(Unit
*u
, Set
*names
, const char *id
) {
6161 /* Let's try to add in all names that are aliases of this unit */
6162 while ((k
= set_steal_first(names
))) {
6163 _cleanup_free_ _unused_
char *free_k
= k
;
6165 /* First try to merge in the other name into our unit */
6166 r
= unit_merge_by_name(u
, k
);
6170 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
6173 other
= manager_get_unit(u
->manager
, k
);
6175 return r
; /* return previous failure */
6177 r
= unit_merge(other
, u
);
6181 return merge_by_names(other
, names
, NULL
);
6184 if (streq_ptr(id
, k
))
6185 unit_choose_id(u
, id
);
6191 int unit_load_fragment(Unit
*u
) {
6192 const char *fragment
;
6193 _cleanup_set_free_free_ Set
*names
= NULL
;
6197 assert(u
->load_state
== UNIT_STUB
);
6201 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6202 u
->load_state
= UNIT_LOADED
;
6206 /* Possibly rebuild the fragment map to catch new units */
6207 r
= unit_file_build_name_map(&u
->manager
->lookup_paths
,
6208 &u
->manager
->unit_cache_timestamp_hash
,
6209 &u
->manager
->unit_id_map
,
6210 &u
->manager
->unit_name_map
,
6211 &u
->manager
->unit_path_cache
);
6213 return log_error_errno(r
, "Failed to rebuild name map: %m");
6215 r
= unit_file_find_fragment(u
->manager
->unit_id_map
,
6216 u
->manager
->unit_name_map
,
6220 if (r
< 0 && r
!= -ENOENT
)
6224 /* Open the file, check if this is a mask, otherwise read. */
6225 _cleanup_fclose_
FILE *f
= NULL
;
6228 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
6229 * expect that all symlinks within the lookup paths have been already resolved, but we don't
6230 * verify this here. */
6231 f
= fopen(fragment
, "re");
6233 return log_unit_notice_errno(u
, errno
, "Failed to open %s: %m", fragment
);
6235 if (fstat(fileno(f
), &st
) < 0)
6238 r
= free_and_strdup(&u
->fragment_path
, fragment
);
6242 if (null_or_empty(&st
)) {
6243 /* Unit file is masked */
6245 u
->load_state
= u
->perpetual
? UNIT_LOADED
: UNIT_MASKED
; /* don't allow perpetual units to ever be masked */
6246 u
->fragment_mtime
= 0;
6247 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6250 if (mac_selinux_use()) {
6251 _cleanup_freecon_
char *selcon
= NULL
;
6253 /* Cache the SELinux context of the unit file here. We'll make use of when checking access permissions to loaded units */
6254 r
= fgetfilecon_raw(fileno(f
), &selcon
);
6256 log_unit_warning_errno(u
, r
, "Failed to read SELinux context of '%s', ignoring: %m", fragment
);
6258 r
= free_and_strdup(&u
->access_selinux_context
, selcon
);
6263 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6265 u
->load_state
= UNIT_LOADED
;
6266 u
->fragment_mtime
= timespec_load(&st
.st_mtim
);
6268 /* Now, parse the file contents */
6269 r
= config_parse(u
->id
, fragment
, f
,
6270 UNIT_VTABLE(u
)->sections
,
6271 config_item_perf_lookup
, load_fragment_gperf_lookup
,
6276 log_unit_notice_errno(u
, r
, "Unit configuration has fatal error, unit will not be started.");
6282 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
6284 * We do the merge dance here because for some unit types, the unit might have aliases which are not
6285 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
6287 const char *id
= u
->id
;
6288 _cleanup_free_
char *filename
= NULL
, *free_id
= NULL
;
6291 r
= path_extract_filename(fragment
, &filename
);
6293 return log_debug_errno(r
, "Failed to extract filename from fragment '%s': %m", fragment
);
6296 if (unit_name_is_valid(id
, UNIT_NAME_TEMPLATE
)) {
6297 assert(u
->instance
); /* If we're not trying to use a template for non-instanced unit,
6298 * this must be set. */
6300 r
= unit_name_replace_instance(id
, u
->instance
, &free_id
);
6302 return log_debug_errno(r
, "Failed to build id (%s + %s): %m", id
, u
->instance
);
6307 return merge_by_names(u
, names
, id
);
6310 void unit_dump_config_items(FILE *f
) {
6311 static const struct {
6312 const ConfigParserCallback callback
;
6315 { config_parse_warn_compat
, "NOTSUPPORTED" },
6316 { config_parse_int
, "INTEGER" },
6317 { config_parse_unsigned
, "UNSIGNED" },
6318 { config_parse_iec_size
, "SIZE" },
6319 { config_parse_iec_uint64
, "SIZE" },
6320 { config_parse_si_uint64
, "SIZE" },
6321 { config_parse_bool
, "BOOLEAN" },
6322 { config_parse_string
, "STRING" },
6323 { config_parse_path
, "PATH" },
6324 { config_parse_unit_path_printf
, "PATH" },
6325 { config_parse_colon_separated_paths
, "PATH" },
6326 { config_parse_strv
, "STRING [...]" },
6327 { config_parse_exec_nice
, "NICE" },
6328 { config_parse_exec_oom_score_adjust
, "OOMSCOREADJUST" },
6329 { config_parse_exec_io_class
, "IOCLASS" },
6330 { config_parse_exec_io_priority
, "IOPRIORITY" },
6331 { config_parse_exec_cpu_sched_policy
, "CPUSCHEDPOLICY" },
6332 { config_parse_exec_cpu_sched_prio
, "CPUSCHEDPRIO" },
6333 { config_parse_exec_cpu_affinity
, "CPUAFFINITY" },
6334 { config_parse_mode
, "MODE" },
6335 { config_parse_unit_env_file
, "FILE" },
6336 { config_parse_exec_output
, "OUTPUT" },
6337 { config_parse_exec_input
, "INPUT" },
6338 { config_parse_log_facility
, "FACILITY" },
6339 { config_parse_log_level
, "LEVEL" },
6340 { config_parse_exec_secure_bits
, "SECUREBITS" },
6341 { config_parse_capability_set
, "BOUNDINGSET" },
6342 { config_parse_rlimit
, "LIMIT" },
6343 { config_parse_unit_deps
, "UNIT [...]" },
6344 { config_parse_exec
, "PATH [ARGUMENT [...]]" },
6345 { config_parse_service_type
, "SERVICETYPE" },
6346 { config_parse_service_exit_type
, "SERVICEEXITTYPE" },
6347 { config_parse_service_restart
, "SERVICERESTART" },
6348 { config_parse_service_restart_mode
, "SERVICERESTARTMODE" },
6349 { config_parse_service_timeout_failure_mode
, "TIMEOUTMODE" },
6350 { config_parse_kill_mode
, "KILLMODE" },
6351 { config_parse_signal
, "SIGNAL" },
6352 { config_parse_socket_listen
, "SOCKET [...]" },
6353 { config_parse_socket_bind
, "SOCKETBIND" },
6354 { config_parse_socket_bindtodevice
, "NETWORKINTERFACE" },
6355 { config_parse_sec
, "SECONDS" },
6356 { config_parse_nsec
, "NANOSECONDS" },
6357 { config_parse_namespace_path_strv
, "PATH [...]" },
6358 { config_parse_bind_paths
, "PATH[:PATH[:OPTIONS]] [...]" },
6359 { config_parse_unit_mounts_for
, "PATH [...]" },
6360 { config_parse_exec_mount_propagation_flag
,
6362 { config_parse_unit_string_printf
, "STRING" },
6363 { config_parse_trigger_unit
, "UNIT" },
6364 { config_parse_timer
, "TIMER" },
6365 { config_parse_path_spec
, "PATH" },
6366 { config_parse_notify_access
, "ACCESS" },
6367 { config_parse_ip_tos
, "TOS" },
6368 { config_parse_unit_condition_path
, "CONDITION" },
6369 { config_parse_unit_condition_string
, "CONDITION" },
6370 { config_parse_unit_slice
, "SLICE" },
6371 { config_parse_documentation
, "URL" },
6372 { config_parse_service_timeout
, "SECONDS" },
6373 { config_parse_emergency_action
, "ACTION" },
6374 { config_parse_set_status
, "STATUS" },
6375 { config_parse_service_sockets
, "SOCKETS" },
6376 { config_parse_environ
, "ENVIRON" },
6378 { config_parse_syscall_filter
, "SYSCALLS" },
6379 { config_parse_syscall_archs
, "ARCHS" },
6380 { config_parse_syscall_errno
, "ERRNO" },
6381 { config_parse_syscall_log
, "SYSCALLS" },
6382 { config_parse_address_families
, "FAMILIES" },
6383 { config_parse_restrict_namespaces
, "NAMESPACES" },
6385 { config_parse_restrict_filesystems
, "FILESYSTEMS" },
6386 { config_parse_cpu_shares
, "SHARES" },
6387 { config_parse_cg_weight
, "WEIGHT" },
6388 { config_parse_cg_cpu_weight
, "CPUWEIGHT" },
6389 { config_parse_memory_limit
, "LIMIT" },
6390 { config_parse_device_allow
, "DEVICE" },
6391 { config_parse_device_policy
, "POLICY" },
6392 { config_parse_io_limit
, "LIMIT" },
6393 { config_parse_io_device_weight
, "DEVICEWEIGHT" },
6394 { config_parse_io_device_latency
, "DEVICELATENCY" },
6395 { config_parse_blockio_bandwidth
, "BANDWIDTH" },
6396 { config_parse_blockio_weight
, "WEIGHT" },
6397 { config_parse_blockio_device_weight
, "DEVICEWEIGHT" },
6398 { config_parse_long
, "LONG" },
6399 { config_parse_socket_service
, "SERVICE" },
6401 { config_parse_exec_selinux_context
, "LABEL" },
6403 { config_parse_job_mode
, "MODE" },
6404 { config_parse_job_mode_isolate
, "BOOLEAN" },
6405 { config_parse_personality
, "PERSONALITY" },
6406 { config_parse_log_filter_patterns
, "REGEX" },
6407 { config_parse_mount_node
, "NODE" },
6410 const char *prev
= NULL
;
6414 NULSTR_FOREACH(i
, load_fragment_gperf_nulstr
) {
6415 const char *rvalue
= "OTHER", *lvalue
;
6416 const ConfigPerfItem
*p
;
6419 assert_se(p
= load_fragment_gperf_lookup(i
, strlen(i
)));
6421 /* Hide legacy settings */
6422 if (p
->parse
== config_parse_warn_compat
&&
6423 p
->ltype
== DISABLED_LEGACY
)
6426 for (size_t j
= 0; j
< ELEMENTSOF(table
); j
++)
6427 if (p
->parse
== table
[j
].callback
) {
6428 rvalue
= table
[j
].rvalue
;
6432 dot
= strchr(i
, '.');
6433 lvalue
= dot
? dot
+ 1 : i
;
6436 size_t prefix_len
= dot
- i
;
6438 if (!prev
|| !strneq(prev
, i
, prefix_len
+1)) {
6442 fprintf(f
, "[%.*s]\n", (int) prefix_len
, i
);
6446 fprintf(f
, "%s=%s\n", lvalue
, rvalue
);
6451 int config_parse_cpu_affinity2(
6453 const char *filename
,
6455 const char *section
,
6456 unsigned section_line
,
6463 CPUSet
*affinity
= ASSERT_PTR(data
);
6465 (void) parse_cpu_set_extend(rvalue
, affinity
, true, unit
, filename
, line
, lvalue
);
6470 int config_parse_show_status(
6472 const char *filename
,
6474 const char *section
,
6475 unsigned section_line
,
6483 ShowStatus
*b
= ASSERT_PTR(data
);
6489 k
= parse_show_status(rvalue
, b
);
6491 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
6496 int config_parse_output_restricted(
6498 const char *filename
,
6500 const char *section
,
6501 unsigned section_line
,
6508 ExecOutput t
, *eo
= ASSERT_PTR(data
);
6509 bool obsolete
= false;
6515 if (streq(rvalue
, "syslog")) {
6516 t
= EXEC_OUTPUT_JOURNAL
;
6518 } else if (streq(rvalue
, "syslog+console")) {
6519 t
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
6522 t
= exec_output_from_string(rvalue
);
6524 log_syntax(unit
, LOG_WARNING
, filename
, line
, t
, "Failed to parse output type, ignoring: %s", rvalue
);
6528 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
, EXEC_OUTPUT_FILE_APPEND
, EXEC_OUTPUT_FILE_TRUNCATE
)) {
6529 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue
);
6535 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
6536 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
6537 rvalue
, exec_output_to_string(t
));
6543 int config_parse_crash_chvt(
6545 const char *filename
,
6547 const char *section
,
6548 unsigned section_line
,
6562 r
= parse_crash_chvt(rvalue
, data
);
6564 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
6569 int config_parse_swap_priority(
6571 const char *filename
,
6573 const char *section
,
6574 unsigned section_line
,
6581 Swap
*s
= ASSERT_PTR(userdata
);
6589 if (isempty(rvalue
)) {
6590 s
->parameters_fragment
.priority
= -1;
6591 s
->parameters_fragment
.priority_set
= false;
6595 r
= safe_atoi(rvalue
, &priority
);
6597 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid swap priority '%s', ignoring.", rvalue
);
6601 if (priority
< -1) {
6602 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue
);
6606 if (priority
> 32767) {
6607 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Swap priority out of range, ignoring: %s", rvalue
);
6611 s
->parameters_fragment
.priority
= priority
;
6612 s
->parameters_fragment
.priority_set
= true;
6616 int config_parse_watchdog_sec(
6618 const char *filename
,
6620 const char *section
,
6621 unsigned section_line
,
6628 usec_t
*usec
= data
;
6634 /* This is called for {Runtime,Reboot,KExec}WatchdogSec= where "default" maps to
6635 * USEC_INFINITY internally. */
6637 if (streq(rvalue
, "default"))
6638 *usec
= USEC_INFINITY
;
6639 else if (streq(rvalue
, "off"))
6642 return config_parse_sec(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6647 int config_parse_tty_size(
6649 const char *filename
,
6651 const char *section
,
6652 unsigned section_line
,
6659 unsigned *sz
= data
;
6665 if (isempty(rvalue
)) {
6670 return config_parse_unsigned(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6673 int config_parse_log_filter_patterns(
6675 const char *filename
,
6677 const char *section
,
6678 unsigned section_line
,
6685 ExecContext
*c
= ASSERT_PTR(data
);
6686 const char *pattern
= ASSERT_PTR(rvalue
);
6687 bool is_allowlist
= true;
6693 if (isempty(pattern
)) {
6694 /* Empty assignment resets the lists. */
6695 c
->log_filter_allowed_patterns
= set_free_free(c
->log_filter_allowed_patterns
);
6696 c
->log_filter_denied_patterns
= set_free_free(c
->log_filter_denied_patterns
);
6700 if (pattern
[0] == '~') {
6701 is_allowlist
= false;
6703 if (isempty(pattern
))
6704 /* LogFilterPatterns=~ is not considered a valid pattern. */
6705 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
6706 "Regex pattern invalid, ignoring: %s=%s", lvalue
, rvalue
);
6709 if (pattern_compile_and_log(pattern
, 0, NULL
) < 0)
6712 r
= set_put_strdup(is_allowlist
? &c
->log_filter_allowed_patterns
: &c
->log_filter_denied_patterns
,
6715 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6716 "Failed to store log filtering pattern, ignoring: %s=%s", lvalue
, rvalue
);
6723 int config_parse_open_file(
6725 const char *filename
,
6727 const char *section
,
6728 unsigned section_line
,
6735 _cleanup_(open_file_freep
) OpenFile
*of
= NULL
;
6736 OpenFile
**head
= ASSERT_PTR(data
);
6743 if (isempty(rvalue
)) {
6744 open_file_free_many(head
);
6748 r
= open_file_parse(rvalue
, &of
);
6750 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse OpenFile= setting, ignoring: %s", rvalue
);
6754 LIST_APPEND(open_files
, *head
, TAKE_PTR(of
));
6759 int config_parse_cgroup_nft_set(
6761 const char *filename
,
6763 const char *section
,
6764 unsigned section_line
,
6771 CGroupContext
*c
= ASSERT_PTR(data
);
6772 Unit
*u
= ASSERT_PTR(userdata
);
6774 return config_parse_nft_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &c
->nft_set_context
, u
);